The NSS Development Team announces the release of NSS 3.15.4.

Network Security Services (NSS) 3.15.4 is a patch release for NSS 3.15.

The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 919877 - When false start is enabled, libssl will sometimes
  return unencrypted, unauthenticated data from PR_Recv

New functionality:
* Implemented OCSP querying using the HTTP GET method, which is the new
  default, and will fall back to the HTTP POST method.
* Implemented OCSP server functionality for testing purposes (httpserv
  utility).
* Support SHA-1 signatures with TLS 1.2 client authentication.
* Added the --empty-password command-line option to certutil, to be used
  with -N: use an empty password when creating a new database.
* Added the -w command-line option to pp: don't wrap long output lines.

New Functions:
* CERT_ForcePostMethodForOCSP
* CERT_GetSubjectNameDigest
* CERT_GetSubjectPublicKeyDigest
* SSL_PeerCertificateChain
* SSL_RecommendedCanFalseStart
* SSL_SetCanFalseStartCallback

New Types:
* CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix
  will never attempt to use the HTTP GET method for OCSP requests; it
  will always use POST.

Notable Changes:
* Reordered the cipher suites offered in SSL/TLS client hello messages
  to match modern best practices.
* Updated the set of root CA certificates (version 1.96).
* Improved SSL/TLS false start. In addition to enabling the
  SSL_ENABLE_FALSE_START option, an application must now register a
  callback using the SSL_SetCanFalseStartCallback function.
* When building on Windows, OS_TARGET now defaults to WIN95. To use the
  WINNT build configuration, specify OS_TARGET=WINNT.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

The HG tag is NSS_3_15_4_RTM. NSS 3.15.4 requires NSPR 4.10.2 or newer.

NSS 3.15.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
