The NSS team has released Network Security Services (NSS) 3.28, which is a minor release.
Below is a summary of the changes. Please refer to the full release notes for additional details: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes Request to test and prepare for TLS 1.3 (draft): ================================ ================ To prepare for a change of default build options, which is planned for the future NSS 3.29 release, we'd like to encourage all users of NSS 3.28 to override the standard NSS build configuration to enable support for (draft ) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time. We'd like to ask you to please give feedback to the NSS developers for any compatibility issues that you might encounter in your tests. For providing feedback, you may send a message to this mailing list, see: https://lists.mozilla.org/listinfo/dev-tech-crypto or please report a bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS New functionality: ================== * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. * NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. New Functions: ============== * SSL_ExportEarlyKeyingMaterial * SSL_SendAdditionalKeyShares * SSL_SignatureSchemePrefSet * SSL_SignatureSchemePrefGet Notable Changes: ================ * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for "export" grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - New functions to configure signature schemes are provided: SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet. The old SSL_SignaturePrefSet and SSL_SignaturePrefSet functions are now deprecated. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51. The HG tag is NSS_3_28_RTM. NSS 3.28 requires NSPR 4.13.1 or newer. NSS 3.28 source distributions are available for secure download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.28 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
