Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Martin Thomson 
Yes, aside from the version number the two versions are identical.

On Mon, 14 May 2018, 21:51 Kai Engert,  wrote:

> On 14.05.2018 13:24, Kai Engert wrote:
> > On 14.05.2018 11:11, Kurt Roeckx wrote:
> >> On 2018-05-08 22:49, Kai Engert wrote:
> >>> Notable changes:
> >>> * The TLS 1.3 implementation was updated to Draft 28.
> >>
> >> I find it unfortunate that you update the draft version to 28 and did
> >> not keep it at 26 like some other implementations, since the protocol
> >> did not change since draft 26. This makes it harder to actually test
> >> things.
> >
> > Are there relevant technical changes between 26 and 28 ?
> >
> > See https://bugzilla.mozilla.org/show_bug.cgi?id=1446643#c4 in which EKR
> > suggests (IIUC) that there are no changes between 26 and 28.
>
> I meant, no technical changes for NSS are required between 26 and 28, if
> I understand EKR's comment correctly.
>
> Kai
>
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Kai Engert 
On 14.05.2018 13:24, Kai Engert wrote:
> On 14.05.2018 11:11, Kurt Roeckx wrote:
>> On 2018-05-08 22:49, Kai Engert wrote:
>>> Notable changes:
>>> * The TLS 1.3 implementation was updated to Draft 28.
>>
>> I find it unfortunate that you update the draft version to 28 and did
>> not keep it at 26 like some other implementations, since the protocol
>> did not change since draft 26. This makes it harder to actually test
>> things.
> 
> Are there relevant technical changes between 26 and 28 ?
> 
> See https://bugzilla.mozilla.org/show_bug.cgi?id=1446643#c4 in which EKR
> suggests (IIUC) that there are no changes between 26 and 28.

I meant, no technical changes for NSS are required between 26 and 28, if
I understand EKR's comment correctly.

Kai

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Kurt Roeckx 

On 2018-05-08 22:49, Kai Engert wrote:

Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.


I find it unfortunate that you update the draft version to 28 and did 
not keep it at 26 like some other implementations, since the protocol 
did not change since draft 26. This makes it harder to actually test things.



Kurt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[ANNOUNCE] NSS 3.37 Release

2018-05-08 Thread Kai Engert 
The NSS team has released Network Security Services (NSS) 3.37,
which is a minor release.

Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
  select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
  getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
  following CA certificates:
  - CN = S-TRUST Universal Root CA
  - CN = TC TrustCenter Class 3 CA II
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.37_release_notes

The HG tag is NSS_3_37_RTM. NSS 3.37 requires NSPR 4.19 or newer.

NSS 3.37 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_37_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.37
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto