The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.
New functionality:
* For some certificates, such as root CA certificates, that don't
embed any constraints, NSS might impose additional constraints,
such as name constraints. A new API has been added that allows
to lookup imposed constraints.
* It is possible to override the directory in which the NSS build
system will look for the sqlite library.
New Functions:
* CERT_GetImposedNameConstraints
Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
hash algorithm, in order to be compatible with TLS servers
that use certificates with a SHA512 signature.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes
The HG tag is NSS_3_19_RTM. NSS 3.19 requires NSPR 4.10.8 or newer.
NSS 3.19 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_RTM/src/
A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXEDclassification=Componentsquery_format=advancedtarget_milestone=3.19product=NSS
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto