Re: DarkMatter CA

2019-02-27 Thread Kai Engert
On 20.02.19 21:36, Leonardo Porpora via dev-tech-crypto wrote:
> I have read about the possibility that you add DarkMatter's CA in 
> Firefox, I really hope that it will not happen as it will write the end of 
> privacy and human rights. I don't know if this is the right email to write 
> to, please forgive me if it is not. (In that case could you give me an email or 
> place where I can discuss it?)

Hello Leonardo,

the best place to discuss CA inclusion topics is Mozilla's
dev-security-policy mailing list. I see this specific topic is actively
being discussed, see the list archives.

https://lists.mozilla.org/listinfo/dev-security-policy

Regards
Kai
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.41.1 Release

2019-01-29 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.41.1,
which is a patch release for NSS 3.41.

It fixes the following bugs:
* Bug 1507135 and Bug 1507174 - Add additional null checks to
  several CMS functions to fix a rare CMS crash.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes

The HG tag is NSS_3_41_1_RTM. NSS 3.41.1 requires NSPR 4.20 or newer.

NSS 3.41.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_41_1_RTM/src/


Re: Debug info on NSS tools

2019-01-04 Thread Kai Engert
Does this page help?
You might need a debug build (i.e. build yourself with debugging enabled).

https://wiki.mozilla.org/NSS:Tracing

Kai

On 03.01.19 13:51, John Jiang wrote:
> Just tried it, but it looked like it did not work.
> 
> $ export SSLDEBUG=1
> $ export SSLTRACE=127
> $ tstclnt -v ...
> I didn't get more logs.


Re: S/MIME X509 certificate requirements for Thunderbird 60.x

2018-11-27 Thread Kai Engert
On 23.11.18 12:58, Martin Büchler wrote:
> That is exactly what I am looking for: Where are the certificate requirements 
> specified other than in TB source code? I then would like to instruct our PKI 
> to add/change missing extensions, fields, or anticipated X500 name formats. 

I agree it would be useful to have this kind of documentation, like a
wiki page.

In your case, your certificate is apparently missing the
  "Certificate Basic Constraints"
extension, which makes it clear if a certificate is a CA, or not a CA.

Could you try adding it? (With CA: false)

I think NSS is unwilling to accept certificates without that statement,
because in the past a missing extension was used to trick software into
assuming a certificate could be used as a CA.

BTW, you aren't subscribed to this list, which causes your messages to
get stuck in the moderation queue, until someone reviews that queue. I
didn't see your message until today.

Kai


S/MIME X509 certificate requirements for Thunderbird 60.x

2018-11-23 Thread Kai Engert
On 22.11.18 17:38, mbch...@gmail.com wrote:
> Now, I want to import a certificate, originally created by our company PKI as 
> SSL-Client certificate for use with Cisco Anyconnect VPN clients.
> 
> I realized that it differs in its DN format, misses explicit mail 
> signing/encryption flags and has additional subject alternative names. 
> 
> Two of my company email addresses are contained as 
> 
>   1. "Subject: CN = @" 
>   2. "X509v3 Subject Alternative Name: DNS:vpn., 
> email:@
> 
> I was trying to figure out why Thunderbird refuses to accept this cert for 
> use with either

How did you learn that TB refused it?

In account settings, security tab (not openpgp security tab), if you
click a select button, does TB offer you to use that certificate?

If it isn't offered, your certificate doesn't have the properties that
TB expects. It would be helpful to see a full dump of the properties of
your certificate. Does it include a certificate key usage extension that
allows both digital signature and data encipherment?

Kai
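Added example (not code from the thread or from NSS/Thunderbird): a pure-Python check of the two certificate properties Kai asks about in both S/MIME messages above, the Basic Constraints extension (absent, CA:FALSE or CA) and the Key Usage bits. The sample extension blocks are constructed inline; locating the Extensions SEQUENCE inside a real certificate's TBSCertificate is assumed to have been done already.

```python
"""Check the X.509 v3 extension properties asked about in the S/MIME thread."""

SEQ, BOOL, BITS, OCT, OID = 0x30, 0x01, 0x03, 0x04, 0x06      # DER tags
BASIC_CONSTRAINTS_OID = b"\x55\x1d\x13"                       # 2.5.29.19
KEY_USAGE_OID = b"\x55\x1d\x0f"                               # 2.5.29.15
# RFC 5280 4.2.1.3 KeyUsage bit names; bit 0 is the MSB of the first content byte
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"]


def der(tag, body):
    """Encode one DER TLV (short- or long-form length)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    ln = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def der_children(buf):
    """Split the body of a constructed DER value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                                     # long-form length
            n = length & 0x7f
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out


def parse_extensions(ext_seq):
    """Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    extnValue OCTET STRING }  ->  {oid_bytes: (critical, extnValue contents)}.
    `ext_seq` is the complete DER of the Extensions SEQUENCE."""
    exts = {}
    for _, ext in der_children(der_children(ext_seq)[0][1]):
        fields = der_children(ext)
        critical = len(fields) == 3 and fields[1] == (BOOL, b"\xff")
        exts[fields[0][1]] = (critical, fields[-1][1])
    return exts


def key_usage_flags(bit_string):
    """Decode a KeyUsage BIT STRING; its first content byte is the unused-bit count."""
    content = der_children(bit_string)[0][1]
    first = content[1] if len(content) > 1 else 0
    return {name for i, name in enumerate(KEY_USAGE_BITS) if first & (0x80 >> i)}


def smime_report(ext_seq):
    """Basic Constraints present and CA or not, plus the key usage bits."""
    exts = parse_extensions(ext_seq)
    bc = exts.get(BASIC_CONSTRAINTS_OID)
    if bc is None:
        basic = "missing"                          # the case the thread says NSS rejects
    else:
        # BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... };
        # DER omits DEFAULT values, so CA:FALSE is an empty SEQUENCE (30 00)
        fields = der_children(der_children(bc[1])[0][1])
        basic = "CA" if (BOOL, b"\xff") in fields else "CA:FALSE"
    ku = exts.get(KEY_USAGE_OID)
    flags = key_usage_flags(ku[1]) if ku else set()
    return {"basic_constraints": basic, "key_usage": flags,
            "allows_signing": "digitalSignature" in flags,
            # RSA S/MIME wraps a content key, so keyEncipherment is the bit used in
            # practice; dataEncipherment is the other encryption bit the thread names
            "allows_encryption": bool(flags & {"keyEncipherment", "dataEncipherment"})}


# --- constructed sample extension blocks (not real certificates) ---------------
def extension(oid, value, critical=False):
    flag = der(BOOL, b"\xff") if critical else b""
    return der(SEQ, der(OID, oid) + flag + der(OCT, value))


def key_usage_ext(*names):
    first = 0
    for name in names:
        first |= 0x80 >> KEY_USAGE_BITS.index(name)
    unused = 0                                     # DER drops trailing zero bits
    while first and not (first >> unused) & 1:
        unused += 1
    return extension(KEY_USAGE_OID, der(BITS, bytes([unused, first])), critical=True)


# Like the VPN client certificate in the thread: key usage present, no Basic Constraints
VPN_CLIENT_EXTS = der(SEQ, key_usage_ext("digitalSignature", "keyEncipherment"))
# The same certificate with Basic Constraints CA:FALSE added, as the reply suggests
FIXED_CLIENT_EXTS = der(SEQ, extension(BASIC_CONSTRAINTS_OID, der(SEQ, b""), critical=True)
                        + key_usage_ext("digitalSignature", "keyEncipherment"))
# A CA certificate, to exercise the cA TRUE branch
CA_EXTS = der(SEQ, extension(BASIC_CONSTRAINTS_OID, der(SEQ, der(BOOL, b"\xff")), critical=True)
              + key_usage_ext("keyCertSign", "cRLSign"))

if __name__ == "__main__":
    for name, exts in [("vpn client", VPN_CLIENT_EXTS), ("fixed", FIXED_CLIENT_EXTS), ("ca", CA_EXTS)]:
        print(name, smime_report(exts))
```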


[ANNOUNCE] NSS 3.36.5 Release

2018-08-31 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36.5,
which is a patch release for NSS 3.36.

It fixes the following bug:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes

The HG tag is NSS_3_36_5_RTM. NSS 3.36.5 requires NSPR 4.19 or newer.

NSS 3.36.5 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_36_5_RTM/src/


[ANNOUNCE] NSS 3.39 Release

2018-08-31 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.39,
which is a minor release.

Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

New functionality:
* The tstclnt and selfserv utilities added support for configuring
  the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
  these keys is disabled by default but can be enabled using
  SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
  an NSS key database.
* Added the nss-policy-check utility, which can be used to check
  an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

Notable changes:
* The TLS 1.3 implementation uses the final version number from
  RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
  where the DigestInfo structure was missing the NULL parameter.
  Starting with version 3.39, NSS requires the encoding to contain
  the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
  parameter, as support for TLS compression was removed in a
  previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
  - OU = GlobalSign Root CA - R6
  - CN = OISTE WISeKey Global Root GC CA
  The following CA certificate was Removed:
  - CN = ComSign
  The following CA certificates had the Websites trust bit disabled:
  - CN = Certplus Root CA G1
  - CN = Certplus Root CA G2
  - CN = OpenTrust Root CA G1
  - CN = OpenTrust Root CA G2
  - CN = OpenTrust Root CA G3

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes

The HG tag is NSS_3_39_RTM. NSS 3.39 requires NSPR 4.20 or newer.

NSS 3.39 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_39_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.39



Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Kai Engert
On 14.05.2018 13:24, Kai Engert wrote:
> On 14.05.2018 11:11, Kurt Roeckx wrote:
>> On 2018-05-08 22:49, Kai Engert wrote:
>>> Notable changes:
>>> * The TLS 1.3 implementation was updated to Draft 28.
>>
>> I find it unfortunate that you update the draft version to 28 and did
>> not keep it at 26 like some other implementations, since the protocol
>> did not change since draft 26. This makes it harder to actually test
>> things.
> 
> Are there relevant technical changes between 26 and 28 ?
> 
> See https://bugzilla.mozilla.org/show_bug.cgi?id=1446643#c4 in which EKR
> suggests (IIUC) that there are no changes between 26 and 28.

I meant, no technical changes for NSS are required between 26 and 28, if
I understand EKR's comment correctly.

Kai



[ANNOUNCE] NSS 3.37 Release

2018-05-08 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.37,
which is a minor release.

Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
  select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
  getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
  following CA certificates:
  - CN = S-TRUST Universal Root CA
  - CN = TC TrustCenter Class 3 CA II
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.37_release_notes

The HG tag is NSS_3_37_RTM. NSS 3.37 requires NSPR 4.19 or newer.

NSS 3.37 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_37_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.37

[ANNOUNCE] NSS 3.36.1 Release

2018-04-09 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36.1,
which is a patch release to fix regression bugs.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes

The HG tag is NSS_3_36_1_RTM. NSS 3.36.1 requires NSPR 4.19 or newer.

NSS 3.36.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_36_1_RTM/src/


[ANNOUNCE] NSS 3.36 Release

2018-03-07 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.

Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
  HACL* implementation.
- Experimental APIs for TLS session cache handling.

The release also includes several regression and correctness fixes.

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes

The HG tag is NSS_3_36_RTM. NSS 3.36 requires NSPR 4.19 or newer.

NSS 3.36 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_36_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.36


[ANNOUNCE] NSS 3.35 Release

2018-01-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.

Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
  using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
  additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
  and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
  higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes

The HG tag is NSS_3_35_RTM. NSS 3.35 requires NSPR 4.18 or newer.

NSS 3.35 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_35_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.35


[ANNOUNCE] NSS 3.34.1 Release

2017-11-23 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.34.1,
which is a patch release to update the list of root CA certificates.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.34.1_release_notes

The HG tag is NSS_3_34_1_RTM. NSS 3.34.1 requires NSPR 4.17 or newer.

NSS 3.34.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_34_1_RTM/src/



Re: Linker error from tstclnt

2017-11-22 Thread Kai Engert
On 10.11.2017 10:16, muni.pra...@gmail.com wrote:
>> USE_STATIC_RTL=1

I haven't seen this symbol before, maybe it's no longer supported.

Does it work if you don't define it?

Kai


Re: JSS Version 4.4

2017-08-30 Thread Kai Engert
Apparently nobody had created/uploaded a release archive for that new version.

You could obtain it by using the HG (mercurial) software, and by using the
release tag. The release notes page you mention refers to tag JSS_4_4_20170313.
I see there are also some newer tags in the JSS code repository; I don't know if
those are official patch releases, or untested snapshots.

Anyway, in order to obtain the code for release tag JSS_4_4_20170313 you could
use instructions like this:

- obtain and install the mercurial/HG software
- run the following commands:

  hg clone https://hg.mozilla.org/projects/jss/
  cd jss
  hg archive --prefix jss-4.4-20170313 \
    -r JSS_4_4_20170313 ../jss-4.4-20170313.tar.gz

If you need the .jar file, which had apparently been distributed for previous
releases, it looks like you'd have to build it yourself.

Kai



On Tue, 2017-08-29 at 21:35 +, Clark, Benjamin wrote:
> Hello,
> 
> I am trying to locate the most current JSS version. I believe it is version
> 4.4 but the Mozilla release notes page (https://developer.mozilla.org/en-US/do
> cs/Mozilla/Projects/NSS/JSS_4.4.0_Release_Notes) identifies a location for the
> source tarballs which doesn't exist (https://ftp.mozilla.org/pub/mozilla.org/s
> ecurity/jss/releases/JSS_4_4_0_RTM/src/ g/security/nss/releases/NSS_3_30_RTM/src/>;) There are no directories under
> the "releases" location newer than 4.3.
> 
> I use JSS 4.3 currently but need to start using JSS/NSS with TLS 1.2 which
> requires the 4.4 JSS upgrade. Can anyone point me to where the Mozilla
> community version of JSS 4.4 is available?
> 
> Thanks, Ben


[ANNOUNCE] NSS 3.32 Release

2017-07-27 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.32,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes

Notable Changes:

* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
  certificates:
  - CN = AddTrust Class 1 CA Root
  - CN = Swisscom Root CA 2
* The following CA certificates were Removed:
  - CN = AddTrust Public CA Root
  - CN = AddTrust Qualified CA Root
  - CN = China Internet Network Information Center EV Certificates Root
  - CN = CNNIC ROOT
  - CN = ComSign Secured CA
  - CN = GeoTrust Global CA 2
  - CN = Secure Certificate Services
  - CN = Swisscom Root CA 1
  - CN = Swisscom Root EV CA 2
  - CN = Trusted Certificate Services
  - CN = UTN-USERFirst-Hardware
  - CN = UTN-USERFirst-Object

The HG tag is NSS_3_32_RTM. NSS 3.32 requires NSPR 4.16 or newer.

NSS 3.32 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_32_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.32



Can we deprecate NSS signtool?

2017-07-03 Thread Kai Engert
The NSS utility "signtool" is hardcoded to use SHA1 when creating a digital
signature.

As I've described in this bug:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1345528
it might be complicated to change the default to a more secure hash algorithm in
a compatible way.

I wonder who still depends on signtool. If you know, could you please give
feedback?

I see that OpenJDK ships its own tool, jarsigner.

Mozilla appears to use different tools to sign the Firefox addons in XPI file
format, using python. Franziskus pointed me to:
  https://github.com/mozilla-services/autograph/pull/46

Can we declare signtool as deprecated?

Thanks
Kai



[ANNOUNCE] NSS 3.28.5 Release

2017-04-21 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.5,
which is a patch release to update the list of root CA certificates.

These are backported changes, which are equivalent to the changes that
have been recently released with NSS 3.30.2.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
  - O = Japanese Government, OU = ApplicationCA
  - CN = WellsSecure Public Root Certificate Authority
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  - CN = Microsec e-Szigno Root
* The following CA certificates were Added
  - CN = D-TRUST Root CA 3 2013
  - CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.5_release_notes

The HG tag is NSS_3_28_5_RTM. NSS 3.28.5 requires NSPR 4.13.1 or newer.

NSS 3.28.5 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_5_RTM/src/


[ANNOUNCE] NSS 3.30.2 Release

2017-04-20 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
  - O = Japanese Government, OU = ApplicationCA
  - CN = WellsSecure Public Root Certificate Authority
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  - CN = Microsec e-Szigno Root
* The following CA certificates were Added
  - CN = D-TRUST Root CA 3 2013
  - CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.2_release_notes

The HG tag is NSS_3_30_2_RTM. NSS 3.30.2 requires NSPR 4.14 or newer.

NSS 3.30.2 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_2_RTM/src/


[ANNOUNCE] NSS 3.21.4 and 3.28.4 and 3.29.5 and 3.30.1 Releases

2017-04-20 Thread Kai Engert
The NSS Development Team announces multiple security patch releases:

* NSS 3.21.4 for NSS 3.21
* NSS 3.28.4 for NSS 3.28
* NSS 3.29.5 for NSS 3.29
* NSS 3.30.1 for NSS 3.30

No new functionality is introduced in these releases.

The following security fixes are included. Users are encouraged to upgrade
immediately.

In NSS 3.21.4, 3.28.4, 3.29.5 and 3.30.1:
* Bug 1344380 / CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS

In NSS 3.21.4, NSS 3.28.4 and 3.29.5:
* Bug 1345089 / CVE-2017-5462 - DRBG flaw in NSS

In NSS 3.28.4 an additional crash fix was included.

NSS source distributions are available on ftp.mozilla.org for secure HTTPS
download.

NSS 3.21.4 requires NSPR 4.12 or newer. The HG tag is NSS_3_21_4_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_21_4_RTM/src/

NSS 3.28.4 requires NSPR 4.13.1 or newer. The HG tag is NSS_3_28_4_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_4_RTM/src/

NSS 3.29.5 requires NSPR 4.13.1 or newer. The HG tag is NSS_3_29_5_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_29_5_RTM/src/

NSS 3.30.1 requires NSPR 4.14 or newer. The HG tag is NSS_3_30_1_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_1_RTM/src/



Re: How can i list Builtin Root ACs ?

2017-02-21 Thread Kai Engert
On Tue, 2017-02-21 at 06:40 -0800, Abdelhak Brrem wrote:
> Does anyone know how to list the builtin root ACs stored in the nssckbi.dll
> file?

If you're asking about certutil, you can use the "-h all" parameter to list
certificates from all tokens.

But by default certutil doesn't load nssckbi.dll.

You can create a new database using "certutil -N", then use modutil to add the
nssckbi.dll as a module to your database, then "certutil -L -h all" should work.

Kai



[ANNOUNCE] NSS 3.28.3 Release

2017-02-17 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.3

No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.

NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation
of the NSS compatibility promise.

ECParams, which is part of the public API of the freebl/softokn parts of NSS,
had been changed to include an additional attribute. That size increase caused
crashes or malfunctioning with applications that use that data structure
directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey,
NSSLOWKEYPrivateKey, or potentially other data structures that reference
ECParams. The change has been reverted to the original state in bug 1334108.

SECKEYECPublicKey had been extended with a new attribute, named "encoding". If
an application passed type SECKEYECPublicKey to NSS (as part of
SECKEYPublicKey), the NSS library read the uninitialized attribute. With this
NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the
attribute, and will always set it to ECPoint_Undefined. See bug 1340103.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.3_release_notes

The HG tag is NSS_3_28_3_RTM. NSS 3.28.3 requires NSPR 4.13.1 or newer.

NSS 3.28.3 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_3_RTM/src/



[ANNOUNCE] NSS 3.29.1 Release

2017-02-17 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.29.1

No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.

NSS version 3.28, 3.28.1, 3.28.2 and 3.29 contained changes that were in
violation of the NSS compatibility promise.

ECParams, which is part of the public API of the freebl/softokn parts of NSS,
had been changed to include an additional attribute. That size increase caused
crashes or malfunctioning with applications that use that data structure
directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey,
NSSLOWKEYPrivateKey, or potentially other data structures that reference
ECParams. The change has been reverted to the original state in bug 1334108.

SECKEYECPublicKey had been extended with a new attribute, named "encoding". If
an application passed type SECKEYECPublicKey to NSS (as part of
SECKEYPublicKey), the NSS library read the uninitialized attribute. With this
NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the
attribute, and will always set it to ECPoint_Undefined. See bug 1340103.

(Note that NSS 3.28.3 from the older NSS 3.28.x branch has also been released
 with the identical fixes.)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.1_release_notes

The HG tag is NSS_3_29_1_RTM. NSS 3.29.1 requires NSPR 4.13.1 or newer.

NSS 3.29.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_29_1_RTM/src/


[ANNOUNCE] NSS 3.28.1 Release

2017-01-04 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

No new functionality is introduced in this release. This is a patch release to
update the list of root CA certificates and address a minor TLS compatibility
issue that some applications experienced with NSS 3.28.

Notable Changes:
* The following CA certificates were Removed
  - CN = Buypass Class 2 CA 1
  - CN = Root CA Generalitat Valenciana
  - OU = RSA Security 2048 V3
* The following CA certificates were Added
  - OU = AC RAIZ FNMT-RCM
  - CN = Amazon Root CA 1
  - CN = Amazon Root CA 2
  - CN = Amazon Root CA 3
  - CN = Amazon Root CA 4
  - CN = LuxTrust Global Root 2
  - CN = Symantec Class 1 Public Primary Certification Authority - G4
  - CN = Symantec Class 1 Public Primary Certification Authority - G6
  - CN = Symantec Class 2 Public Primary Certification Authority - G4
  - CN = Symantec Class 2 Public Primary Certification Authority - G6
* The version number of the updated root CA list has been set to 2.11
* A misleading assertion/alert has been removed when NSS tries to flush data
  to the peer but the connection was already reset.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes

The HG tag is NSS_3_28_1_RTM. NSS 3.28.1 requires NSPR 4.13.1 or newer.

NSS 3.28.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.28.1


[ANNOUNCE] NSS 3.28 Release

2016-12-22 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes


Request to test and prepare for TLS 1.3 (draft):

To prepare for a change of default build options, which is planned for
the future NSS 3.29 release, we'd like to encourage all users of NSS 3.28
to override the standard NSS build configuration to enable support for
(draft) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time.
We'd like to ask you to please give feedback to the NSS developers for any
compatibility issues that you might encounter in your tests.

For providing feedback, you may send a message to this mailing list, see:
  https://lists.mozilla.org/listinfo/dev-tech-crypto
or please report a bug here:
  https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS

New functionality:
* NSS includes support for TLS 1.3 draft -18. This includes a number
  of improvements to TLS 1.3:
  - The signed certificate timestamp, used in certificate transparency,
    is supported in TLS 1.3.
  - Key exporters for TLS 1.3 are supported. This includes the early key
    exporter, which can be used if 0-RTT is enabled. Note that there is a
    difference between TLS 1.3 and key exporters in older versions of TLS.
    TLS 1.3 does not distinguish between an empty context and no context.
  - The TLS 1.3 (draft) protocol can be enabled, by defining
    NSS_ENABLE_TLS_1_3=1 when building NSS.
* NSS includes support for the X25519 key exchange algorithm, which is
  supported and enabled by default in all versions of TLS.

New Functions:
* SSL_ExportEarlyKeyingMaterial
* SSL_SendAdditionalKeyShares
* SSL_SignatureSchemePrefSet
* SSL_SignatureSchemePrefGet

Notable Changes:

* NSS can no longer be compiled with support for additional elliptic curves.
  This was previously possible by replacing certain NSS source files.
* NSS will now detect the presence of tokens that support additional
  elliptic curves and enable those curves for use in TLS.
  Note that this detection has a one-off performance cost, which can be
  avoided by using the SSL_NamedGroupConfig function to limit supported
  groups to those that NSS provides.
* PKCS#11 bypass for TLS is no longer supported and has been removed.
* Support for "export" grade SSL/TLS cipher suites has been removed.
* NSS now uses the signature schemes definition in TLS 1.3.
  This also affects TLS 1.2. NSS will now only generate signatures with the
  combinations of hash and signature scheme that are defined in TLS 1.3,
  even when negotiating TLS 1.2.
  - This means that SHA-256 will only be used with P-256 ECDSA certificates,
    SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
    SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
    compatibility reasons.
  - New functions to configure signature schemes are provided:
    SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet.
    The old SSL_SignaturePrefSet and SSL_SignaturePrefGet functions are
    now deprecated.
  - NSS will now no longer assume that default signature schemes are 
    supported by a peer if there was no commonly supported signature scheme.
* NSS will now check if RSA-PSS signing is supported by the token that holds
  the private key prior to using it for TLS.
* The certificate validation code contains checks to no longer trust
  certificates that are issued by old WoSign and StartCom CAs after 
  October 21, 2016. This is equivalent to the behavior that Mozilla will
  release with Firefox 51.


The HG tag is NSS_3_28_RTM. NSS 3.28 requires NSPR 4.13.1 or newer.

NSS 3.28 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=NSS_milestone=3.28

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
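
As an added illustration of the NSS 3.28 signing policy described above (this is example code, not NSS code), the following Python model picks the signature scheme for a local key given the peer's signature_algorithms list. The SigningKey type and function names are constructed for the example; the code points are the IANA TLS SignatureScheme values.

```python
"""Model of the NSS 3.28 TLS signature-scheme policy (added example, not NSS code)."""
from dataclasses import dataclass
from typing import List, Optional

TLS_1_2 = 0x0303
TLS_1_3 = 0x0304

# TLS SignatureScheme code points (IANA registry / RFC 8446 section 4.2.3).
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
ECDSA_SHA1 = 0x0203
RSA_PKCS1_SHA256 = 0x0401
RSA_PKCS1_SHA384 = 0x0501
RSA_PKCS1_SHA512 = 0x0601
RSA_PKCS1_SHA1 = 0x0201
RSA_PSS_RSAE_SHA256 = 0x0804
RSA_PSS_RSAE_SHA384 = 0x0805
RSA_PSS_RSAE_SHA512 = 0x0806


class NoSupportedSignatureAlgorithm(Exception):
    """Stands in for SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM."""


@dataclass(frozen=True)
class SigningKey:
    """Constructed (hypothetical) description of the private key behind a cert."""
    kind: str                        # "ecdsa" or "rsa"
    curve: Optional[str] = None      # "P-256", "P-384" or "P-521" for ECDSA
    token_supports_pss: bool = True  # result of the token capability check


# ECDSA: the hash is pinned to the curve (SHA-256 only with P-256, and so on).
_ECDSA_SCHEME_FOR_CURVE = {
    "P-256": ECDSA_SECP256R1_SHA256,
    "P-384": ECDSA_SECP384R1_SHA384,
    "P-521": ECDSA_SECP521R1_SHA512,
}


def producible_schemes(key: SigningKey, version: int) -> List[int]:
    """Schemes this key is allowed to sign with, in local preference order."""
    if version not in (TLS_1_2, TLS_1_3):
        raise ValueError("policy only modelled for TLS 1.2 and TLS 1.3")
    if key.kind == "ecdsa":
        if key.curve not in _ECDSA_SCHEME_FOR_CURVE:
            raise ValueError(f"unsupported curve {key.curve!r}")
        schemes = [_ECDSA_SCHEME_FOR_CURVE[key.curve]]
        if version == TLS_1_2:
            schemes.append(ECDSA_SHA1)  # SHA-1 kept for TLS 1.2 compatibility only
        return schemes
    if key.kind == "rsa":
        schemes = []
        if key.token_supports_pss:  # RSA-PSS only if the token can actually do it
            schemes += [RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512]
        if version == TLS_1_2:
            # PKCS#1 v1.5 handshake signatures exist only in TLS 1.2; TLS 1.3
            # requires PSS for RSA keys, so a PSS-less token cannot sign there.
            schemes += [RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512,
                        RSA_PKCS1_SHA1]
        return schemes
    raise ValueError(f"unknown key kind {key.kind!r}")


def select_scheme(key: SigningKey, version: int, peer_offered: List[int]) -> int:
    """Pick the first locally preferred scheme the peer listed in signature_algorithms.

    There is deliberately no fallback to "the peer probably supports the
    defaults": an empty intersection fails the handshake.
    """
    offered = set(peer_offered)
    for scheme in producible_schemes(key, version):
        if scheme in offered:
            return scheme
    raise NoSupportedSignatureAlgorithm(
        f"no common scheme for {key.kind} key at version {version:#06x}")


if __name__ == "__main__":
    p384 = SigningKey("ecdsa", curve="P-384")
    peer = [ECDSA_SECP256R1_SHA256, ECDSA_SHA1]  # constructed peer list
    for version in (TLS_1_2, TLS_1_3):
        try:
            chosen = select_scheme(p384, version, peer)
            print(f"{version:#06x}: signing with scheme {chosen:#06x}")
        except NoSupportedSignatureAlgorithm as exc:
            print(f"{version:#06x}: handshake fails ({exc})")
```

The main block shows the compatibility effect the release notes warn about: a P-384 certificate facing a peer that only lists the P-256 scheme and SHA-1 still works under TLS 1.2 (via SHA-1) but fails under TLS 1.3.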

Re: NSS and NSPR compilation error: ssl3con.c:36:18: fatal error: zlib.h: No such file

2016-10-20 Thread Kai Engert
On Thu, 2016-10-20 at 10:13 +, Ding Yangliang wrote:
> ssl3con.c:36:18: fatal error: zlib.h: no such file or directory

zlib.h is a file that should be provided by your development environment.

I don't know what package on Ubuntu provides that file, but I'm guessing the
name should be similar to zlib-dev.

Kai



[ANNOUNCE] NSS 3.27.1 Release

2016-10-03 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.27.1.

This is a patch release to address a TLS compatibility issue 
that some applications experienced with NSS 3.27.

Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.

Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.

However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.

NSS 3.27.1 once again requires NSS_ENABLE_TLS_1_3 to be set
to enable TLS 1.3 (draft).
( https://bugzilla.mozilla.org/show_bug.cgi?id=1306985 )

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27.1_release_notes

The HG tag is NSS_3_27_1_RTM. NSS 3.27.1 requires NSPR 4.13 or newer.

NSS 3.27.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_1_RTM/src/


Re: [ANNOUNCE] NSS 3.27 Release

2016-10-02 Thread Kai Engert
On Sun, 2016-10-02 at 08:30 +0200, Florian Weimer wrote:
> Is there a compile-time switch to disable the draft protocol
> implementation completely?

Yes, define NSS_DISABLE_TLS_1_3=1 at build time.

Kai



Re: [ANNOUNCE] NSS 3.27 Release

2016-10-01 Thread Kai Engert
On Wed, 2016-09-28 at 14:39 +0200, Kai Engert wrote:
> The NSS team has released Network Security Services (NSS) 3.27,
> which is a minor release.
> ...
> The full release notes are available at
> https://developer.mozilla.org/en-
> US/docs/Mozilla/Projects/NSS/NSS_3.27_releas_notes


Unfortunately, we had forgotten to mention an important change in NSS 3.27:

  The maximum TLS version enabled by default has been increased to TLS 1.3

This is particularly noteworthy, because we have already received
incompatibility reports.

(For the current status of TLS 1.3, see
 https://tools.ietf.org/html/draft-ietf-tls-tls13-16 )

In general, if a client supports a newer version of TLS, and offers it in the
TLS client_hello message, but the server supports only older versions of TLS,
the server can request to use the older preference with the server_hello
message.

Apparently there are servers that don't follow the above rule, but simply abort
the connection (TLS version intolerance), when receiving a client_hello offering
TLS 1.3, as sent with NSS 3.27 by default, if the application doesn't request a
specific maximum TLS version.

If you experience failure to connect to a server with TLS 1.3 enabled, you
should probably report this intolerance to the operator of the server.

If your client application allows you to configure the maximum TLS version
enabled, you could attempt to configure maximum version TLS 1.2 when connecting
to a broken server.

Consumers of NSS, who'd like to disable the use of TLS 1.3 completely, may do so
by defining symbol NSS_DISABLE_TLS_1_3 when building NSS.

Kai


[ANNOUNCE] NSS 3.24 Release

2016-05-22 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.24, which is 
a minor release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1 
  (no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS 
  server sockets with a certificate and private key. This method should be 
  used in preference to SSL_ConfigSecureServer,
  SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
  SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.

New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate, 
  private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on 
  the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on 
  the stack. See PORTCheapArenaPool.

New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument 
  to SSL_ConfigServerCert.  It contains supplementary information about a 
  certificate, such as the intended type of the certificate, stapled OCSP 
  responses, or signed certificate timestamps (used for certificate 
  transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for 
  temporary arena allocations.

New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the 
  TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only 
  used for session resumption in TLS 1.3.

Notable Changes:
* The following functions have been deprecated (applications should use the 
  new SSL_ConfigServerCert function instead):
  * SSL_SetStapledOCSPResponses
  * SSL_SetSignedCertTimestamps
  * SSL_ConfigSecureServer
  * SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
  value for certificates that might be used for signing rather than key 
  exchange.
* SSLAuthType has been updated to define a larger number of authentication 
  key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been 
  deprecated. Instead, applications should use the newly added attribute 
  authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been 
  added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to 
  actively send a SSL v2 compatible client hello.
  However, the server side implementation of the SSL/TLS protocol continues to 
  support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the 
  environment variable named SSLKEYLOGFILE is set. NSS has been changed to 
  disable this functionality in optimized builds by default. In order to enable 
  the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE 
  must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved.  This includes support for DTLS 1.3.
  Note that TLS 1.3 support is experimental and is not suitable for production
  use.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes

The HG tag is NSS_3_24_RTM. NSS 3.24 requires NSPR 4.12 or newer.

NSS 3.24 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_24_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=Components_format=advanced=NSS_milestone=3.24


[ANNOUNCE] NSS 3.19.2.4 Release

2016-03-21 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.4,
which is a security patch release for NSS 3.19.2.

(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)

No new functionality is introduced in this release.

The following security fixes from NSS 3.21 have been backported to NSS 3.19.2.4.
Users are encouraged to upgrade immediately.

* Bug 1185033 / CVE-2016-1979 - Use-after-free during processing of DER
  encoded keys in NSS
* Bug 1209546 / CVE-2016-1978 - Use-after-free in NSS during SSL connections
  in low memory
* Bug 1190248 / CVE-2016-1938 - Errors in mp_div and mp_exptmod cryptographic
  functions in NSS

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.4_release_notes

The HG tag is NSS_3_19_2_4_RTM. NSS 3.19.2.4 requires NSPR 4.10.10 or newer.

NSS 3.19.2.4 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_4_RTM/src/


[ANNOUNCE] NSS 3.22.3 Release

2016-03-14 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.

No new functionality is introduced in this release.

The following bugs have been resolved in NSS 3.22.3

* Bug 1243641 - Increase compatibility of TLS extended master secret,
  don't send an empty TLS extension last in the handshake

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.3_release_notes

The HG tag is NSS_3_22_3_RTM. NSS 3.22.3 requires NSPR 4.12 or newer.

NSS 3.22.3 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_3_RTM/src/


[ANNOUNCE] NSS 3.22.2 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.22.2,
which is a security patch release for NSS 3.22.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.22.2. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

Notable Changes:
* Bug 1247990 - The root CA changes from NSS 3.23 have been backported.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.2_release_notes

The HG tag is NSS_3_22_2_RTM. NSS 3.22.2 requires NSPR 4.12 or newer.

NSS 3.22.2 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_2_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


[ANNOUNCE] NSS 3.21.1 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.21.1,
which is a security patch release for NSS 3.21.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.21.1. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

The HG tag is NSS_3_21_1_RTM. NSS 3.21.1 requires NSPR 4.10.10 or newer.

NSS 3.21.1 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_1_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


[ANNOUNCE] NSS 3.23 Release

2016-03-08 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.

The following security-relevant bug has been resolved in NSS 3.23. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  (bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
  This code is not ready for production use.

New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
  anti-downgrade mechanism

Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
  (bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered 
  to improve compatibility of the Extended Master Secret feature
  with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed 
  to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added, 
  which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado 
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado 
- NetLock Uzleti (Class B) Tanusitvanykiado 
- NetLock Expressz (Class C) Tanusitvanykiado 
- VeriSign Class 1 Public PCA – G2 
- VeriSign Class 3 Public PCA 
- VeriSign Class 3 Public PCA – G2 
- CA Disig
* The following CA certificates were Added 
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA 

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes

The HG tag is NSS_3_23_RTM. NSS 3.23 requires NSPR 4.12 or newer.

NSS 3.23 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_23_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=Components_format=advanced=NSS_milestone=3.23


[ANNOUNCE] NSS 3.19.2.3 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.3,
which is a security patch release for NSS 3.19.2.

(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.19.2.3. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

The HG tag is NSS_3_19_2_3_RTM. NSS 3.19.2.3 requires NSPR 4.10.10 or newer.

NSS 3.19.2.3 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_3_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


Re: server-side OCSP stapling

2016-03-02 Thread Kai Engert
On Tue, 2016-03-01 at 17:19 -0800, Robert Relyea wrote:
> IIRC the API to fetch the ocsp response is mostly application code. NSS 
> has a simple http request function that can fetch the request if the 
> application doesn't supply one (which doesn't know about proxies, etc.). 
> You could override the http fetch function, then validate your cert 
> change and squirrel way the OCSP response before you pass it off to NSS. 
> That's probably the simplest way of getting it.
> 
> I think You just need the blob, not the parsed blob.

Adding a few more details:

We don't have a helper function to do everything in a simple
way, you'll have to call a series of functions.

We could consider to implement a new API for that, but for now,
you'll have to do it manually.

Start with CERT_GetOCSPAuthorityInfoAccessLocation() to get the OCSP AIA URL
embedded in the cert.

If you aren't required to use a proxy for the outgoing connection to the
CA's OCSP responder, you can rely on NSS' internal minimal HTTP client.

(If you do need a proxy, you'll have to link a smarter HTTP client into your
server, and use the NSS callback API to override which HTTP client NSS
will use, see SEC_RegisterDefaultHttpClient.)

Then use CERT_GetEncodedOCSPResponseByMethod, probably you should prefer to
use the "GET" method, see the comment in the ocsp.c file for how to use it.

This will give you the encoded OCSP response. I believe you can use the whole
result as input for SSL_SetStapledOCSPResponses().

If your server uses multiple certs (e.g. RSA and ECC), you should do that
twice, once for each cert.

Kai

Re: Is there a tool in NSS to validate a website certificate set?

2016-02-12 Thread Kai Engert
On Tue, 2016-02-09 at 22:51 +1000, Jonathan Wilson wrote:
> OpenSSL has a s_client command that allows you to pull the certificates a 
> web page sends and verify the chain of trust against whatever root CA store 
> OpenSSL is using. Is there a way to do something similar for NSS? i.e. pull 
> the certificates a web page sends and validate them against the current set 
> of Mozilla root certificates?
> 
> And if there is, where do I get it from and how do I compile it? (if its 
> one of the standard utilities in NSS, how do I compile those?)

If you use a Linux distribution, you can probably get a package that already
contains the tools. On Fedora it's nss-tools.

We have test utilities, that are primarily used as part of the NSS test suite,
and which (at least on Fedora) are shipped in a separate "unsupported-tools"
directory, but they can do what you want.

On Fedora, you can execute 
  /usr/lib64/nss/unsupported-tools/vfyserv www.yourhost

which will attempt to validate the server's cert against the CA trust list that
comes with NSS (from the libnssckbi.so module).

This doesn't show the full chain on the terminal, but there's an option -c that
will dump all certs sent by the server into files.

I also like tstclnt, which has recently been enhanced to print information about
the server chain:

/usr/lib64/nss/unsupported-tools/tstclnt -C -D -b -h www.yourhost -p 443

You can use -C up to three times, to get more details about the certs.

If your platform doesn't offer you the NSS tools pre-packaged, then follow the
standard NSS build instructions:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Sources_Building_Testing

Kai


[ANNOUNCE] NSS 3.22 Release

2016-02-03 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.

New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)

New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp 
  TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
  TLS extension data

New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag

New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)

Notable Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler. 
  Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes

The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.

NSS 3.22 source distributions are available for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED=Components_format=advanced_milestone=3.22=NSS


[ANNOUNCE] NSS 3.19.2.2 Release

2016-01-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.2

Network Security Services (NSS) 3.19.2.2 is a patch release
for NSS 3.19.2 to fix a security-relevant bug.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.19.2.2. 
Users are encouraged to upgrade immediately.

* Bug 1158489 (CVE-2015-7575):
  Prevent MD5 Downgrade in TLS 1.2 Signatures

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.2_release_notes

The HG tag is NSS_3_19_2_2_RTM. NSS 3.19.2.2 requires NSPR 4.10.10 or newer.

NSS 3.19.2.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_2_RTM/src/

The NSS development team would like to thank Karthikeyan Bhargavan from INRIA
for responsibly disclosing the issue in Bug 1158489.


[ANNOUNCE] NSS 3.20.2 Release

2016-01-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.20.2

Network Security Services (NSS) 3.20.2 is a patch release
for NSS 3.20 to fix a security-relevant bug.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.20.2.
Users are encouraged to upgrade immediately.

* Bug 1158489 (CVE-2015-7575):
  Prevent MD5 Downgrade in TLS 1.2 Signatures

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes

The HG tag is NSS_3_20_2_RTM. NSS 3.20.2 requires NSPR 4.10.10 or newer.

NSS 3.20.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_2_RTM/src/

The NSS development team would like to thank Karthikeyan Bhargavan from INRIA
for responsibly disclosing the issue in Bug 1158489.


[ANNOUNCE] NSS 3.21 Release

2015-11-13 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.

New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)

New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
  string, module parameters string, NSS specific parameters string, and NSS
  configuration parameter string. The module represented by the module
  structure is not loaded. The difference with SECMOD_CreateModule is the new
  function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
  to the handshake being completed, for use with the callbacks that are invoked
  during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
  for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
  algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
  can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
  library string, module name string, module parameters string, NSS specific
  parameters string, and NSS configuration parameter strings. The returned
  strings must be freed by the caller. The difference with
  NSS_ArgParseModuleSpec is the new function handles NSS configuration
  parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
  module parameters string, NSS specific parameters string, and NSS
  configuration parameter string and returns a module string which the caller
  must free when it is done. The difference with NSS_MkModuleSpec is the new
  function handles NSS configuration parameter strings.

New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
  prior to handshake completion

New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
  ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
  PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
  exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
  DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
  signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
  unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
  master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
  extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
  master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
  TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
  that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
  preliminary information has been set

Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
  - CN = VeriSign Class 4 Public Primary Certification Authority - G3
  - CN = UTN-USERFirst-Network Applications
  - CN = TC TrustCenter Universal CA III
  - CN = A-Trust-nQual-03
  - CN = USERTrust Legacy Secure Server CA
  - Friendly Name: Digital Signature Trust Co. Global CA

[ANNOUNCE] NSS 3.19.2.1 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.1

Network Security Services (NSS) 3.19.2.1 is a patch release
for NSS 3.19.2 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.19.2.1. 
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and 
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are 
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10, 
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time, 
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183): 
  A logic bug in the handling of large allocations would allow 
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to 
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes

The HG tag is NSS_3_19_2_1_RTM. NSS 3.19.2.1 requires NSPR 4.10.10 or newer.

NSS 3.19.2.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_1_RTM/src/

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.19.4 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.4

Network Security Services (NSS) 3.19.4 is a patch release
for NSS 3.19 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.19.4. 
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and 
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are 
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10, 
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time, 
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183): 
  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

The HG tag is NSS_3_19_4_RTM. NSS 3.19.4 requires NSPR 4.10.10 or newer.

NSS 3.19.4 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_4_RTM/src/




[ANNOUNCE] NSS 3.20.1 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.20.1

Network Security Services (NSS) 3.20.1 is a patch release
for NSS 3.20 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10,
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time,
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183):
  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes

The HG tag is NSS_3_20_1_RTM. NSS 3.20.1 requires NSPR 4.10.10 or newer.

NSS 3.20.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_1_RTM/src/



[ANNOUNCE] NSS 3.19.3 Release

2015-08-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.3

Network Security Services (NSS) 3.19.3 is a patch release
for NSS 3.19 to update the list of root CA certificates.

No new functionality is introduced in this release.

Notable Changes:
* The following CA certificates were Removed
  - Buypass Class 3 CA 1
  - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
  - SG TRUST SERVICES RACINE
  - TC TrustCenter Universal CA I
  - TC TrustCenter Class 2 CA II
* The following CA certificate had the Websites trust bit turned off
  - ComSign Secured CA
* The following CA certificates were Added
  - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
  - TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
  - Certinomis - Root CA
* The version number of the updated root CA list has been set
  to 2.5

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.3_release_notes

The HG tag is NSS_3_19_3_RTM. NSS 3.19.3 requires NSPR 4.10.8 or newer.

NSS 3.19.3 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19.3&product=NSS




Re: Missing functions in latest NSS library

2015-06-09 Thread Kai Engert
On Tue, 2015-06-09 at 04:34 -0700, John wrote:
> I did not get these errors with Mozilla xulrunner SDK 32.0 (which includes
> NSS 3.16.4).

This might be caused by Mozilla's optimization attempts.

On certain platforms, Mozilla merges all NSS code into a single shared
library, and limits the exported functions to those that Mozilla
requires.

As an unfortunate result, the NSS library shipped by Mozilla is a
crippled version that exports only a subset of NSS functions, although
it uses the same name nss3.dll.

Looking at file config/external/nss/nss.def in the Firefox sources, I
don't see the first function you've mentioned
(PK11_ListFixedKeysInSlot).

You could try to patch the mozilla code, probably this source file, to
include all the functions that you require.

Kai




[ANNOUNCE] NSS 3.19.1 Release

2015-05-28 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.1

Network Security Services (NSS) 3.19.1 is a patch release
for NSS 3.19.

No new functionality is introduced in this release. This patch
release includes a fix for the recently published logjam attack.

Notable Changes:
* The minimum strength of keys that libssl will accept for
  finite field algorithms (RSA, Diffie-Hellman, and DSA) has
  been increased to 1023 bits (bug 1138554).
* NSS reports the bit length of keys more accurately.  Thus,
  the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
  functions could report smaller values for values that have
  leading zero values. This affects the key strength values that
  are reported by SSL_GetChannelInfo.

The NSS development team would like to thank Matthew Green and
Karthikeyan Bhargavan for responsibly disclosing the issue in
bug 1138554.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

The HG tag is NSS_3_19_1_RTM. NSS 3.19.1 requires NSPR 4.10.8 or newer.

NSS 3.19.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19.1&product=NSS



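As an added illustration (not NSS code, and not part of any message in this archive), the following C program shows the two effects described for NSS 3.19.1 above, together with the NSS_RSA_MIN_KEY_SIZE / NSS_DH_MIN_KEY_SIZE / NSS_DSA_MIN_KEY_SIZE options listed earlier in this archive: a key-strength computation that skips leading zero bytes and counts only the significant bits of the top byte, next to the coarser "byte length times eight" figure it replaces, and a minimum-strength check with the 1023-bit floor. The function names, the MIN_FF_KEY_BITS constant and the constructed moduli are assumptions of the example; SECKEY_PublicKeyStrengthInBits and NSS_OptionSet are the real NSS entry points this imitates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Floor from the NSS 3.19.1 announcement (bug 1138554). The name is an
 * assumption of this example; NSS exposes the floor through the
 * NSS_*_MIN_KEY_SIZE options and NSS_OptionSet. */
#define MIN_FF_KEY_BITS 1023

/* Coarse strength: byte length times eight, leading zero bytes included.
 * This is the over-estimate the announcement says NSS no longer reports. */
size_t strength_bits_coarse(const uint8_t *n, size_t len) {
    (void)n;
    return len * 8;
}

/* Exact strength: skip leading zero bytes, then count the significant
 * bits of the first non-zero byte plus eight per remaining byte. */
size_t strength_bits_exact(const uint8_t *n, size_t len) {
    size_t i = 0;
    while (i < len && n[i] == 0) {
        i++;
    }
    if (i == len) {
        return 0;                     /* all-zero modulus: no strength */
    }
    size_t bits = (len - i - 1) * 8;
    uint8_t top = n[i];
    while (top != 0) {
        bits++;
        top >>= 1;
    }
    return bits;
}

/* Policy check as libssl applies it to RSA, DH and DSA keys. */
int key_meets_minimum(const uint8_t *n, size_t len) {
    return strength_bits_exact(n, len) >= MIN_FF_KEY_BITS;
}

/* Constructed big-endian modulus: `len` bytes, first byte `top`, rest 0xff. */
static void make_modulus(uint8_t *buf, size_t len, uint8_t top) {
    for (size_t i = 0; i < len; i++) {
        buf[i] = 0xff;
    }
    buf[0] = top;
}

/* Wrappers over constructed moduli (at most 256 bytes) for main() and tests. */
size_t demo_exact(size_t len, uint8_t top) {
    uint8_t buf[256];
    if (len == 0 || len > sizeof buf) return 0;
    make_modulus(buf, len, top);
    return strength_bits_exact(buf, len);
}

size_t demo_coarse(size_t len, uint8_t top) {
    uint8_t buf[256];
    if (len == 0 || len > sizeof buf) return 0;
    make_modulus(buf, len, top);
    return strength_bits_coarse(buf, len);
}

int demo_meets_minimum(size_t len, uint8_t top) {
    uint8_t buf[256];
    if (len == 0 || len > sizeof buf) return 0;
    make_modulus(buf, len, top);
    return key_meets_minimum(buf, len);
}

int main(void) {
    /* 129 bytes with a leading zero byte: coarse says 1032, exact says 1024. */
    printf("leading-zero key: coarse=%zu exact=%zu\n",
           demo_coarse(129, 0x00), demo_exact(129, 0x00));
    /* 128 bytes with top byte 0x40 is exactly 1023 bits: accepted. */
    printf("1023-bit key accepted: %d\n", demo_meets_minimum(128, 0x40));
    /* 128 bytes with top byte 0x3f is 1022 bits: rejected. */
    printf("1022-bit key accepted: %d\n", demo_meets_minimum(128, 0x3f));
    return 0;
}
```

The leading-zero case is the one the announcement warns about: a DER INTEGER carries a 0x00 prefix whenever its top bit is set, so a strength figure derived from the encoded length is eight bits too high, and a key that only looks like it clears the floor is no longer accepted once the count is exact.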

[ANNOUNCE] NSS 3.19 Release

2015-05-05 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.

New functionality:
* For some certificates, such as root CA certificates, that don't
  embed any constraints, NSS might impose additional constraints,
  such as name constraints. A new API has been added that allows
  looking up the imposed constraints.
* It is possible to override the directory in which the NSS build
  system will look for the sqlite library.

New Functions:
* CERT_GetImposedNameConstraints

Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
  handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
  hash algorithm, in order to be compatible with TLS servers
  that use certificates with a SHA512 signature.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

The HG tag is NSS_3_19_RTM. NSS 3.19 requires NSPR 4.10.8 or newer.

NSS 3.19 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19&product=NSS






Re: Error code: sec_error_ca_cert_invalid

2015-04-28 Thread Kai Engert
On Tue, 2015-04-28 at 12:51 -0500, Rebecca White wrote:
> The site is
> https://bankruptcylink.com

This issue is now being tracked at
https://bugzilla.mozilla.org/show_bug.cgi?id=1159471




Re: Error code: sec_error_ca_cert_invalid

2015-04-28 Thread Kai Engert
On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote:
> Accessing https site that is used by the entire state of Indiana. My
> office is apparently the only office that cannot access the site. Well,
> that is to say, half of my office cannot access the site, the other
> half can access it with no problem. All are using Firefox 36.0.4, all
> were previously able to access the site.
>
> I no longer see a security.use_mozillapkix_verification setting in
> about:config - what is preventing some firefox users from accessing
> this site?

Hello Rebecca,

the setting security.use_mozillapkix_verification has been removed, I
believe it's gone since Firefox 32. Since then, Firefox only uses the
new code.

You say you aren't able to access that site. First, it means that site
isn't following best practices. If the entire state of Indiana is
required to use that site, then it would be very good to fix that site.
Is it a public Internet site, or some internal/intranet site?

Is my assumption correct, that you cannot access the site, because you
are unable to add an override, like Firefox usually allows with other
bad sites?

There was a regression bug in Firefox 36 which made it impossible to
add an override for certain scenarios that result in the
ca_cert_invalid error message.
(That was https://bugzilla.mozilla.org/show_bug.cgi?id=1138332 )

Unfortunately, it was too late to get that bug fixed in Firefox 36.

However, Firefox 37, which was released end of March 2015, contained a
fix for this issue.

Are you able to upgrade to Firefox 37 and see if it fixes your issue?

If it doesn't, then could you please send us additional information
about the server? If it's a server on the public Internet, then we'd
need to know the server address (www...), or, if it's an Intranet
server, then someone would have to save a copy of the certificates used
by the server, which can be retrieved by running diagnostic utilities.
Let us know if you'd like to have instructions on how to do that.

Regards
Kai




[ANNOUNCE] NSS 3.18.1 Release

2015-04-21 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.18.1

Network Security Services (NSS) 3.18.1 is a patch release
for NSS 3.18 to update the list of root CA certificates.

No new functionality is introduced in this release.

Notable Changes:
* The following CA certificate had the Websites and Code Signing
  trust bits restored to their original state to allow more time
  to develop a better transition strategy for affected sites:
  - OU = Equifax Secure Certificate Authority
* The following CA certificate was removed:
  - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
* The following intermediate CA certificate has been added as
  actively distrusted because it was mis-used to issue certificates
  for domain names the holder did not own or control:
  - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
* The version number of the updated root CA list has been set
  to 2.4

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes

The HG tag is NSS_3_18_1_RTM. NSS 3.18.1 requires NSPR 4.10.8 or newer.

NSS 3.18.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.18.1&product=NSS




[ANNOUNCE] NSS 3.18 Release

2015-03-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.

New functionality:
* When importing certificates and keys from a PKCS#12 source,
  it's now possible to override the nicknames, prior to importing
  them into the NSS database, using new API
  SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
  -C, -D, -b and -R.
  Use -C one, two or three times to print information about the
  certificates received from a server, and information about the
  locally found and trusted issuer certificates, to diagnose
  server side configuration issues. It is possible to run tstclnt
  without providing a database (-D). A PKCS#11 library that
  contains root CA certificates can be loaded by tstclnt, which
  may either be the nssckbi library provided by NSS (-b) or
  another compatible library (-R).

New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames

New Types
* SEC_PKCS12NicknameRenameCallback

Notable Changes:
* The highest TLS protocol version enabled by default has been
  increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
  protocol version enabled by default has been increased from
  DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
  pair has been increased from 1024 bits to 2048 bits.
* On Mac OS X, by default the softokn shared library will link
  with the sqlite library installed by the operating system,
  if it is version 3.5 or newer.
* The following CA certificates had the Websites and Code Signing
  trust bits turned off:
  - Equifax Secure Certificate Authority 
  - Equifax Secure Global eBusiness CA-1 
  - TC TrustCenter Class 3 CA II 
* The following CA certificates were Added:
  - Staat der Nederlanden Root CA - G3
  - Staat der Nederlanden EV Root CA
  - IdenTrust Commercial Root CA 1
  - IdenTrust Public Sector Root CA 1
  - S-TRUST Universal Root CA
  - Entrust Root Certification Authority - G2
  - Entrust Root Certification Authority - EC1
  - CFCA EV ROOT
* The version number of the updated root CA list has been set
  to 2.3

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18_release_notes

The HG tag is NSS_3_18_RTM. NSS 3.18 requires NSPR 4.10.8 or newer.

NSS 3.18 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.18&product=NSS




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Mon, 2015-02-02 at 13:21 +0100, helpcrypto helpcrypto wrote:
> On Mon, Feb 2, 2015 at 1:17 PM, Kai Engert k...@kuix.de wrote:
>
> > > exported:
> > > OS_TARGET=WINNT
> >
> > Please use OS_TARGET=WIN95
> >
> > That's the newer and supported configuration.
> >
> > LOL
> hahahahahahahahahahahahahahaha
>
> I love you kaie ;)

https://bugzilla.mozilla.org/show_bug.cgi?id=814982




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Sun, 2015-02-01 at 20:34 -0800, Sean Leonard wrote:
> I'm trying to build NSS 3.17.4 on Windows 7 with the latest
> MozillaBuild. Although I was able to work around a build error, it would
> be appreciated if the NSS folks get the NSPR folks to fix the problem.
>
> Used:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/
>
> nss-3.17.4-with-nspr-4.10.7.tar.gz
>
> exported:
> OS_TARGET=WINNT

Please use OS_TARGET=WIN95

That's the newer and supported configuration.

If you found any place that suggests using WINNT, we should update that
location.

Kai




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Mon, 2015-02-02 at 07:47 -0800, Sean Leonard wrote:
> See Building NSS, which I think most people who do a rudimentary
> Google search would find when they want to build NSS:
>
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Building


Thanks for the link, I've fixed the page.

Kai




[ANNOUNCE] NSS 3.17.4 Release

2015-01-28 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.4.

Network Security Services (NSS) 3.17.4 is a patch release for NSS 3.17.

No new functionality is introduced in this release.

Notable Changes:
* If an SSL/TLS connection fails, because client and server don't have
  any common protocol version enabled, NSS has been changed to report
  error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting
  SSL_ERROR_NO_CYPHER_OVERLAP).
* libpkix was fixed to prefer the newest certificate, if multiple 
  certificates match.
* fixed a memory corruption issue during failure of keypair generation.
* fixed a failure to reload a PKCS#11 module in FIPS mode.
* fixed interoperability of NSS server code with a LibreSSL client.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes

The HG tag is NSS_3_17_4_RTM. NSS 3.17.4 requires NSPR 4.10.7 or newer.

NSS 3.17.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.4&product=NSS

SHA1SUMS
76beddfea9f1503920e40d7066aa704bbaeef558  nss-3.17.4.tar.gz
3641d13371107a879aed1a6ffcbaf20d8e572114  nss-3.17.4-with-nspr-4.10.7.tar.gz

SHA256SUMS
1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79  nss-3.17.4.tar.gz
21c7bc1f2c2c44d1e0abe66dd96a93ea2a2f3214261404ccb21e5d1075c27f2e  nss-3.17.4-with-nspr-4.10.7.tar.gz




Re: Problems with python-nss get_cert_nicknames

2015-01-11 Thread Kai Engert
On Fri, 2015-01-09 at 12:10 -0800, Roger Dunn wrote:
> Yes, that was me on both posts... the first one was taking a while to
> pop up on the grid (overnight), thought it was lost in a black hole.

Your message arrived on the list via posting to the newsgroup. Those
messages often end up in the moderation queue, which is only looked at
(at most) once a day.

Kai




Re: Fwd: Guidance for NSS, NSPR cross compilation

2014-12-12 Thread Kai Engert
On Fri, 2014-12-12 at 03:45 -0800, sachin gupta wrote:
> I would appreciate if you could help me with any documentation on NSS
> cross compilation for Arm

Sorry, I don't have experience on this topic.




Re: Fwd: Guidance for NSS, NSPR cross compilation

2014-12-11 Thread Kai Engert
On Wed, 2014-12-10 at 12:25 +0900, Kosuke Kaizuka wrote:
> Why do you choose such an old and outdated version of NSS?
> 3.17.3 (current latest stable) or 3.16.6 (used in current Fx/Tb 31.x
> ESR branches) should be used.

Clarification: FF/TB 31.x currently use 3.16.2.3

3.16.6 is older, 3.16.2.3 is newer.
(See also my message from 2014-10-27 on this list.)

Should any future NSS bugfixes be backported for FF/TB 31.x ESR, they
will probably be added on the NSS_3_16_2_BRANCH and we might produce
additional 3.16.2.x releases.

If anyone still uses 3.16.6, they should upgrade to NSS 3.17.3

Regards
Kai




[ANNOUNCE] NSS 3.17.3 Release

2014-12-01 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.3.

Network Security Services (NSS) 3.17.3 is a patch release for NSS 3.17.

New functionality:
* Support for TLS_FALLBACK_SCSV has been added to the ssltap and
  tstclnt utilities

Notable Changes:
* The QuickDER decoder now decodes lengths robustly
  (CVE-2014-1569)
* The following 1024-bit CA certificates were Removed:
  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2
* The following CA certificates had the Websites and Code Signing
  trust bits turned off:
  - Class 3 Public Primary Certification Authority - G2
  - Equifax Secure eBusiness CA-1
* The following CA certificates were Added:
  - COMODO RSA Certification Authority
  - USERTrust RSA Certification Authority
  - USERTrust ECC Certification Authority
  - GlobalSign ECC Root CA - R4
  - GlobalSign ECC Root CA - R5
* The version number of the updated root CA list has been set
  to 2.2

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes

The HG tag is NSS_3_17_3_RTM. NSS 3.17.3 requires NSPR 4.10.7 or newer.

NSS 3.17.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.3&product=NSS




please subscribe prior to posting to this list

2014-10-29 Thread Kai Engert
Hello everyone,

I understand there are several mechanisms for reading this list.
However, depending on the way you choose to post to this list, your post
may be stuck in a moderation queue until a moderator is able to approve
it.

If you'd like to ensure that your post goes to the list immediately, the
recommended approach is to subscribe to this list, using
https://lists.mozilla.org/listinfo/dev-tech-crypto
and sending your message using the same email address that you've used
to subscribe to the list.

Regards
Kai




Information regarding NSS versions 3.16.2.x, 3.16.x, 3.17.x

2014-10-27 Thread Kai Engert
This message is to clarify the status of the latest NSS releases.

We'll shortly announce NSS 3.16.2.3

The motivation is to support the Firefox 31.x extended support release
(ESR) branch. The NSS 3.16.2.x releases still contain the set of root CA
certificates used by Firefox 31 ESR.

NSS 3.16.3 and newer contain an updated list of root CA certificates
with several legacy roots removed. Users of NSS 3.16.3/4/5/6 should
upgrade to the latest NSS 3.17.x release.

Kai




[ANNOUNCE] NSS 3.16.2.3 Release

2014-10-27 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.3

Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16, to fix a regression.

New functionality:
* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

New Macros:
* SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
  TLS_FALLBACK_SCSV. Off by default.
* SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
* TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

The following bugs have been resolved in NSS 3.16.2.3:
* Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
* Bug 1036735 - Add support for draft-ietf-tls-downgrade-scsv

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.3_release_notes

The HG tag is NSS_3_16_2_3_RTM. NSS 3.16.2.3 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_3_RTM/src/



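The server side of the TLS_FALLBACK_SCSV mechanism announced above (RFC 7507, draft-ietf-tls-downgrade-scsv at the time) is simple enough to show in full. The following C program is an added example, not NSS code: it scans the cipher_suites field of a ClientHello for the value 0x5600, and applies the rule that a ClientHello carrying the SCSV at a version below the server's highest supported version means the client is retrying after a failed attempt at a higher version, so the server refuses with an inappropriate_fallback alert (description 86) rather than completing a downgraded handshake. The function names, the macro names for wire versions and the constructed cipher-suite lists are assumptions of the example; on the client side NSS adds the SCSV when the SSL_ENABLE_FALLBACK_SCSV option is turned on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV 0x5600        /* signaling cipher suite value, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86 /* alert description, RFC 7507 */

/* Wire-format protocol versions (names are this example's own). */
#define SSL_3_0 0x0300
#define TLS_1_0 0x0301
#define TLS_1_2 0x0303

/* Scan a ClientHello cipher_suites field (2-byte big-endian entries). */
int has_fallback_scsv(const uint8_t *suites, size_t len) {
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t suite = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        if (suite == TLS_FALLBACK_SCSV) {
            return 1;
        }
    }
    return 0;
}

/* Server-side rule: SCSV present and the client's offered version below
 * the server's highest supported version means a downgrade is in progress.
 * Returns 0 to proceed, otherwise the alert description to send. A client
 * that offers the server's maximum, or an old client that never sends the
 * SCSV, is left alone. */
int server_fallback_decision(uint16_t client_version, uint16_t server_max,
                             const uint8_t *suites, size_t len) {
    if (has_fallback_scsv(suites, len) && client_version < server_max) {
        return ALERT_INAPPROPRIATE_FALLBACK;
    }
    return 0;
}

/* Constructed cipher_suites fields: ECDHE-RSA-AES128-GCM-SHA256 (0xc02f) and
 * RSA-AES128-SHA (0x002f), once with the SCSV appended and once without. */
static const uint8_t suites_with_scsv[] = {0xc0, 0x2f, 0x00, 0x2f, 0x56, 0x00};
static const uint8_t suites_plain[] = {0xc0, 0x2f, 0x00, 0x2f};

/* Wrapper over the constructed data for the cases walked through in main(). */
int demo_decision(int with_scsv, uint16_t client_version, uint16_t server_max) {
    const uint8_t *s = with_scsv ? suites_with_scsv : suites_plain;
    size_t len = with_scsv ? sizeof suites_with_scsv : sizeof suites_plain;
    return server_fallback_decision(client_version, server_max, s, len);
}

int main(void) {
    printf("downgraded retry with SCSV    -> alert %d\n", demo_decision(1, TLS_1_0, TLS_1_2));
    printf("first attempt at server max   -> %d\n", demo_decision(1, TLS_1_2, TLS_1_2));
    printf("old client without SCSV       -> %d\n", demo_decision(0, TLS_1_0, TLS_1_2));
    printf("server also tops out at 1.0   -> %d\n", demo_decision(1, TLS_1_0, TLS_1_0));
    printf("SSL 3 retry against a 1.0 srv -> alert %d\n", demo_decision(1, SSL_3_0, TLS_1_0));
    return 0;
}
```

Note that the check only helps when both sides participate: a client that retries at a lower version without the SCSV (the third case) is indistinguishable from a genuinely old client, which is why the announcement's option is off by default and left to applications that actually perform version fallback.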

Re: [ANNOUNCE] NSS 3.16.2.3 Release

2014-10-27 Thread Kai Engert
On Mon, 2014-10-27 at 14:59 +0100, Kai Engert wrote:
> The NSS Development Team announces the release of NSS 3.16.2.3
>
> Network Security Services (NSS) 3.16.2.3 is a patch release
> for NSS 3.16, to fix a regression.

Sorry, this paragraph should have said:

Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16. It fixes a bug and contains a backport of the
TLS_FALLBACK_SCSV feature, which was originally made available in NSS
3.17.1.


> New functionality:
> * TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
>   handshake is the result of TLS version fallback.
>
> New Macros:
> * SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
>   TLS_FALLBACK_SCSV. Off by default.
> * SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
> * TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
>   handshake is the result of TLS version fallback.
>
> The following bugs have been resolved in NSS 3.16.2.3:
> * Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
> * Bug 1036735 - Add support for draft-ietf-tls-downgrade-scsv
>
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.3_release_notes
>
> The HG tag is NSS_3_16_2_3_RTM. NSS 3.16.2.3 requires NSPR 4.10.6 or
> newer.
>
> NSS 3.16.2.3 source distributions are also available on ftp.mozilla.org
> for secure HTTPS download:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_3_RTM/src/




Disable SSL 3 by default in NSS in April 2015.

2014-10-27 Thread Kai Engert
Because of the POODLE security vulnerability, it has been widely
suggested to disable SSL 3.

Unfortunately there are still deployments where SSL 3 is the only
supported version of SSL/TLS. 

Changing the default in NSS to disable SSL 3 will break applications
that rely on the NSS default and which don't offer configuration options
to override the NSS default.

Therefore we plan to keep SSL 3 enabled by default for another few
months, allowing everyone to migrate legacy applications, and/or to
enhance applications to add configuration mechanisms.

We plan to disable SSL 3 by default in all versions that will be
released after April 1st 2015.

We strongly recommend that applications implement configuration
mechanisms, allowing users to override the set of SSL/TLS protocol
versions enabled by the NSS library. In case of future incidents, should
additional protocol versions be considered insecure, it would allow the
NSS team to change the defaults with shorter notice, and it would
benefit applications that relied on the NSS library defaults.

For users of NSS that already use the new NSS shared database file
format (cert9.db/key4.db/pkcs11.txt): an enhancement is currently under
development that will allow configuration of the ciphers and protocols
used by NSS for SSL/TLS, independently of application code, by editing
the NSS configuration file pkcs11.txt (see mozilla bug 1009429).

On behalf of the NSS development team




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Kai Engert
On Tue, 2014-10-21 at 01:40 +0200, Kai Engert wrote:
> On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> > Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> > necessary?
>
> Yes. If I understand correctly, it seems that Firefox indeed still falls
> back to SSL3, even with SSL3 disabled.

I'm sorry if I got this wrong, inspired by Florian's claim (still
falling back) and my quick reading of the code. Let's get this
clarified.

My reading of the source indicated that adjustForTLSIntolerance would
fall back until it reaches SSL3.

However, trying to connect to a SSL3-only server like
https://bod.bodmillenium.com using Firefox 33 and 36 fails (with min.tls
set to 1).

So hopefully I was wrong.

Thanks
Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Kai Engert
So, let's get this clarified with test results.

I've tested Firefox 34 beta 1.

Because bug 1076983 hasn't landed on the beta branch yet, the current
Firefox 34 beta 1 still has SSL3 enabled.

With this current default configuration (SSL3 enabled), Firefox will
fall back to SSL3.

Then I used about:config and changed security.tls.version.min to 1
(which means TLSv1, thereby disabling SSL3).

With SSL3 disabled, Firefox 34 no longer falls back to SSL3.

When attempting to connect to a SSL3-only server, I see Firefox 34
attempting three connections, with TLS 1.2 {3,3}, TLS 1.1 {3,2} and TLS
1.0 {3,1}, but not SSL3.

In other words, with SSL3 disabled, Firefox 34 doesn't attempt a
fallback to use SSL3.

With these new results, it's no longer clear to me what Florian was
referring to.

On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
> Why is disabling SSL 3.0 acceptable, but getting rid of the broken
> fallback which will keep endangering users for a long time to come is
> not?

Florian, did you assume that Firefox would still fall back to SSL3?
That's not happening.
With SSL3 disabled, the intention, as I understand it, is to disable
SSL3 completely, not even using it when falling back.

On the other hand, Firefox will continue to fall back to non-disabled
versions of TLS (such as TLS 1.1 and TLS 1.0).

Is this what you're worried about?

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-20 Thread Kai Engert
On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> necessary?

Yes. If I understand correctly, it seems that Firefox indeed still falls
back to SSL3, even with SSL3 disabled.

I found 
  https://bugzilla.mozilla.org/show_bug.cgi?id=1083058
which intends to implement a preference to configure the oldest allowed
protocol version to fall back to, with a proposed minimum of 1 (TLS1).

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-20 Thread Kai Engert
On Mon, 2014-10-20 at 16:45 -0700, Julien Pierre wrote:
> What is the purpose of Firefox continuing to do any fallback at all?
> IMO, making a second connection with any lower version of SSL/TLS
> defeats the intent of the SSL/TLS protocol, which has built-in defenses
> against protocol version downgrade.
> Isn't it time this fallback gets eliminated at last?

I'm stating what I found, I'm not making that decision.

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-16 Thread Kai Engert
On Thu, 2014-10-16 at 10:31 -0700, Richard Barnes wrote:
> By now, you've probably heard about the POODLE attacks on SSLv3, and
> our decision to disable SSLv3 by default in Firefox 34 [1].  Several
> people have proposed that we also make this change in Firefox ESR 31.
>
> So I wanted to propose that we also disable SSLv3 by default in ESR 31
> at about the same time as we do it in 34, that is, around November 25.
>
> If there are any objections or comments on that proposal, please raise
> them in this thread.

FYI, it's actually more than a proposal.

It has been clarified in the bug that disabling it in Firefox 31.3 is
already planned:
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983#c73

So, if you have any objections, please speak up.

Thanks
Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-16 Thread Kai Engert
On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
> A lot of this has already been hashed out on the IETF TLS WG mailing
> list, with a slightly different perspective.
>
> Why is disabling SSL 3.0 acceptable, but getting rid of the broken
> fallback which will keep endangering users for a long time to come is
> not?

Please let's make sure there are no misunderstandings.

Do you claim that Firefox 34 will continue to fall back to SSL 3 when
necessary?

I was hoping that Firefox 34 would completely disable SSL 3, no longer
accepting servers requesting to use that version, and no longer
initiating any SSL 3 connections, not even when falling back.

Did I understand incorrectly?

Kai




[ANNOUNCE] NSS 3.16.2.2 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.2

Network Security Services (NSS) 3.16.2.2 is a patch release
for NSS 3.16, to fix a regression.

No new functionality is introduced in this release.

The following bug has been resolved in NSS 3.16.2.2.
* Bug 1049435 - Importing an RSA private key fails if p < q

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.2_release_notes

The HG tag is NSS_3_16_2_2_RTM. NSS 3.16.2.2 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.2 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_2_RTM/src/




[ANNOUNCE] NSS 3.16.6 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.6

Network Security Services (NSS) 3.16.6 is a patch release
for NSS 3.16, to fix a regression.

No new functionality is introduced in this release.

The following bug has been resolved in NSS 3.16.6.
* Bug 1049435 - Importing an RSA private key fails if p < q

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.6_release_notes

The HG tag is NSS_3_16_6_RTM. NSS 3.16.6 requires NSPR 4.10.6 or newer.

NSS 3.16.6 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_6_RTM/src/





[ANNOUNCE] NSS 3.17.2 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.2

Network Security Services (NSS) 3.17.2 is a patch release
for NSS 3.17, to fix a regression and other bugs.

No new functionality is introduced in this release.

The following bugs have been resolved in NSS 3.17.2.
* Bug 1049435 - Importing an RSA private key fails if p < q
* Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
* Bug 1078669 - certutil crashes when using the --certVersion parameter 

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes

The HG tag is NSS_3_17_2_RTM. NSS 3.17.2 requires NSPR 4.10.7 or newer.

NSS 3.17.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_2_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.2&product=NSS




[ANNOUNCE] NSS 3.16.2.1 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.1

Network Security Services (NSS) 3.16.2.1 is a patch release
for NSS 3.16.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.16.2.1.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.1_release_notes

The HG tag is NSS_3_16_2_1_RTM. NSS 3.16.2.1 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.1 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_1_RTM/src/




[ANNOUNCE] NSS 3.17.1 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.1

Network Security Services (NSS) 3.17.1 is a patch release
for NSS 3.17

The following security-relevant bugs have been resolved in NSS 3.17.1.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

New functionality:
* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

New Macros:
* SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
  TLS_FALLBACK_SCSV. Off by default.
* SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
* TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

Notable Changes:
* Signature algorithms now use SHA-256 instead of SHA-1 by default.
* Added support for Linux on little-endian powerpc64.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes

The HG tag is NSS_3_17_1_RTM. NSS 3.17.1 requires NSPR 4.10.7 or newer.

NSS 3.17.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.1&product=NSS


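Added example, not NSS or Firefox code, modelling the fallback behaviour measured in the "Disable SSLv3 in Firefox ESR 31" thread together with the TLS_FALLBACK_SCSV signalling introduced in this release: a client that retries with decreasing protocol versions and a server applying the RFC 7507 check. The Server and Client classes, the network_drops parameter and the scenario names are assumptions of this model, not NSS APIs.

```python
"""Model of TLS version fallback with TLS_FALLBACK_SCSV (RFC 7507).

Added example, not NSS or Firefox code. Versions use the {major,minor}
pairs from the thread: SSL3 {3,0}, TLS1.0 {3,1}, TLS1.1 {3,2}, TLS1.2 {3,3}.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

Version = Tuple[int, int]
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
NAMES = {SSL3: "SSL3", TLS10: "TLS1.0", TLS11: "TLS1.1", TLS12: "TLS1.2"}
TLS_FALLBACK_SCSV = 0x5600   # signaling cipher suite value, RFC 7507
ANY_REAL_SUITE = 0x002F      # TLS_RSA_WITH_AES_128_CBC_SHA, stands in for the offer


@dataclass
class Server:
    max_version: Version = TLS12
    min_version: Version = SSL3
    honours_scsv: bool = True            # implements the RFC 7507 server check
    # A version-intolerant server drops any ClientHello advertising more than
    # this instead of negotiating downwards (None = behaves correctly).
    intolerant_above: Optional[Version] = None

    def handle(self, client_version: Version, suites: List[int]):
        """Return ("ok", version), ("alert", reason) or ("drop", None)."""
        if self.intolerant_above is not None and client_version > self.intolerant_above:
            return ("drop", None)
        if (self.honours_scsv and TLS_FALLBACK_SCSV in suites
                and client_version < self.max_version):
            # Client says it is falling back, yet we support something newer
            # than it now offers: its earlier attempt was interfered with.
            return ("alert", "inappropriate_fallback")
        negotiated = min(client_version, self.max_version)
        if negotiated < self.min_version:
            return ("alert", "protocol_version")
        return ("ok", negotiated)


@dataclass
class Client:
    min_version: Version = TLS10         # security.tls.version.min=1 is TLS1.0
    max_version: Version = TLS12
    send_scsv: bool = True               # SSL_ENABLE_FALLBACK_SCSV turned on
    attempts: List[Version] = field(default_factory=list)

    def connect(self, server: Server,
                network_drops: FrozenSet[Version] = frozenset()) -> str:
        """Retry with decreasing versions down to min_version, as Firefox 34
        does in the thread; network_drops models a middlebox (or attacker)
        that silently kills handshakes offering those versions."""
        version, falling_back = self.max_version, False
        while version >= self.min_version:
            suites = [ANY_REAL_SUITE]
            if falling_back and self.send_scsv:
                suites.append(TLS_FALLBACK_SCSV)   # only ever sent on a retry
            self.attempts.append(version)
            if version in network_drops:
                outcome, detail = "drop", None
            else:
                outcome, detail = server.handle(version, suites)
            if outcome == "ok" and detail >= self.min_version:
                return NAMES[detail]
            if outcome == "alert" and detail == "inappropriate_fallback":
                return "failed: inappropriate_fallback"   # never retry lower
            falling_back = True                    # timeout, reset or too low
            version = (version[0], version[1] - 1)
        return "failed: no acceptable version"


def run_scenarios() -> Dict[str, Tuple[List[str], str]]:
    """Situations from the thread; returns {name: (versions tried, result)}."""
    def run(client: Client, server: Server, drops=frozenset()):
        result = client.connect(server, drops)
        return ([NAMES[v] for v in client.attempts], result)

    # SSL3-only server that also drops any hello advertising TLS, the kind
    # of server Firefox only reached by falling back.
    ssl3_only = Server(max_version=SSL3, min_version=SSL3, intolerant_above=SSL3)
    return {
        # security.tls.version.min=1: TLS1.2, 1.1 and 1.0 are tried, SSL3
        # never is, and the connection fails.
        "ssl3_disabled_vs_ssl3_only": run(Client(min_version=TLS10), ssl3_only),
        # SSL3 still enabled: the fourth attempt talks SSL3 (POODLE exposure).
        "ssl3_enabled_vs_ssl3_only": run(Client(min_version=SSL3), ssl3_only),
        # Modern server, but something on the path kills TLS1.2 handshakes.
        # With the SCSV the server refuses the downgraded retry ...
        "downgrade_with_scsv": run(Client(), Server(), frozenset({TLS12})),
        # ... without it (NSS before 3.17.1) the client silently ends on TLS1.1.
        "downgrade_without_scsv": run(Client(send_scsv=False), Server(),
                                      frozenset({TLS12})),
        # Genuinely intolerant TLS1.0 server: the SCSV does not break this
        # legitimate fallback, since the retry offers the server's own maximum.
        "legit_fallback": run(Client(), Server(max_version=TLS10,
                                               intolerant_above=TLS10)),
    }
```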


[ANNOUNCE] NSS 3.16.5 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.5

Network Security Services (NSS) 3.16.5 is a patch release
for NSS 3.16.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.16.5.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.5_release_notes

The HG tag is NSS_3_16_5_RTM. NSS 3.16.5 requires NSPR 4.10.6 or newer.

NSS 3.16.5 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_5_RTM/src/




Firefox 31, no way to override certain bad certs

2014-09-06 Thread Kai Engert
Hi,

it seems that Firefox 31 (caused by mozilla::pkix?) has introduced a
serious usability regression.

Firefox no longer allows overriding bad certificate errors of routers
or other devices with a built-in https web interface.

As reported in several bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063315
https://bugzilla.mozilla.org/show_bug.cgi?id=1042889
https://bugzilla.mozilla.org/show_bug.cgi?id=1063945 (by me)

it's impossible to connect to the web interface of routers that use an
internal certificate which has become invalid.

I believe it's crucial that an override continues to be possible,
allowing administrators to use Firefox for their hardware
administration.

I'm particularly worried that this will cause lots of trouble when
enterprises migrate from Firefox 24 to Firefox 31 soon.

I think this should be fixed on the Firefox 31 branch.

Kai




Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Kai Engert
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote:
> Is there any documentation available for the '--extSAN' parameter? Mr.
> Google did not find any helpful resource.

Look at the help output that certutil produces with the -H command:

  --extSAN type:name[,type:name]... 
  Create a Subject Alt Name extension with one or multiple names
  - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,
  other, registerid, rfc822, uri, x400, x400addr

Kai




Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Kai Engert
On Mon, 2014-07-14 at 10:47 +0200, Bernhard Thalmayr wrote:
> What is the reason why certutil supports 'dNSName' GeneralNames for
> SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)?

Do you refer to the command line parameters -7 and -8 ?
I don't know why this subset was chosen in the past.

However, just recently we added support for additional SAN variations
(in version 3.16.2), which provides the new parameter --extSAN.

Can you try it? If it doesn't work as expected, please let us know.

Kai




[ANNOUNCE] NSS 3.16.3 Release

2014-07-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.3.

Network Security Services (NSS) 3.16.3 is a patch release for NSS 3.16.

This release consists primarily of CA certificate changes as listed
below, and fixes an issue with a recently added utility function.

New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added 
  in NSS 3.16.2, however, it wasn't declared in a public header file.)

Notable Changes:
* The following 1024-bit CA certificates were Removed
  - Entrust.net Secure Server Certification Authority
  - GTE CyberTrust Global Root
  - ValiCert Class 1 Policy Validation Authority
  - ValiCert Class 2 Policy Validation Authority
  - ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was Removed as
  requested by the CA:
  - TDC Internet Root CA
* The following CA certificates were Added:
  - Certification Authority of WoSign
  - CA 沃通根证书
  - DigiCert Assured ID Root G2
  - DigiCert Assured ID Root G3
  - DigiCert Global Root G2
  - DigiCert Global Root G3
  - DigiCert Trusted Root G4
  - QuoVadis Root CA 1 G3
  - QuoVadis Root CA 2 G3
  - QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
  - Class 3 Public Primary Certification Authority
  - Class 3 Public Primary Certification Authority
  - Class 2 Public Primary Certification Authority - G2
  - VeriSign Class 2 Public Primary Certification Authority - G3
  - AC Raíz Certicámara S.A.
  - NetLock Uzleti (Class B) Tanusitvanykiado
  - NetLock Expressz (Class C) Tanusitvanykiado

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes

The HG tag is NSS_3_16_3_RTM. NSS 3.16.3 requires NSPR 4.10.6 or newer.

NSS 3.16.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.16.3&product=NSS



NSS troubleshooting links

2014-04-02 Thread Kai Engert
I'm not aware of a troubleshooting reference for NSS.

Let's collect information on how to troubleshoot NSS at runtime.
Debugging tips, how to enable tracing of the various modules, etc.

I suggest adding to this page:
https://developer.mozilla.org/en-US/docs/NSS_troubleshooting

If you have anything to add, but don't want to create an account for the
wiki, please post it by email, and we can add it for you.

Thanks in advance for your contribution!
Kai




[ANNOUNCE] NSS 3.16 Release

2014-03-18 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16, which is
a minor release.

The HG tag is NSS_3_16_RTM. NSS 3.16 requires NSPR 4.10.3 or newer.
Support for the Linux x32 ABI requires NSPR 4.10.4 or newer.

The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
  character should not be embedded within the U-label of an
  internationalized domain name. See the last bullet point in RFC 6125,
  Section 7.2.

New functionality:
* Supports the Linux x32 ABI. To build for the Linux x32 target, set 
  the environment variable USE_X32=1 when building NSS.

New Functions:
* NSS_CMSSignerInfo_Verify

New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
  cipher suites that were first defined in SSL 3.0 can now be referred
  to with their official IANA names in TLS, with the TLS_ prefix.
  Previously, they had to be referred to with their names in SSL 3.0,
  with the SSL_ prefix.

Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
  environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
  ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
  evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
  test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
  adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
  text that aren't in base64 format.
* The certutil utility has been improved to support creation of 
  version 1 and version 2 certificates, in addition to the existing
  version 3 support.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes

NSS 3.16 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.16


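Added example, not NSS code, of the RFC 6125 section 7.2 rule behind CVE-2014-1492 above: a conservative dNSName wildcard matcher that refuses a wildcard embedded in an IDN label (a U-label or an xn-- A-label). The function names and the extra "at least three labels" rule are this example's own choices; both names are assumed to already be in the same form, since no IDNA conversion is done here.

```python
"""Wildcard matching of a certificate dNSName against a reference hostname.

Added example, not NSS code. It applies the RFC 6125 section 7.2 rule that
CVE-2014-1492 is about: a wildcard must not be embedded in the U-label (or
A-label) of an internationalized domain name. Both names are assumed to be
in the same form already (no IDNA conversion is done here).
"""
from typing import Dict, List


def _labels(name: str) -> List[str]:
    """Lower-case, drop a trailing dot, split into DNS labels."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []


def hostname_matches(reference: str, presented: str) -> bool:
    """True if the presented identifier (from the SAN) covers reference."""
    ref, pat = _labels(reference), _labels(presented)
    if not ref or not pat or "" in ref or "" in pat or "*" in reference:
        return False                  # empty labels, or a wildcard in the reference
    if "*" not in presented:
        return ref == pat             # plain identifier: exact match only
    if presented.count("*") != 1 or "*" not in pat[0]:
        return False                  # one wildcard, left-most label only
    wild = pat[0]
    if wild.startswith("xn--") or not wild.isascii():
        return False                  # RFC 6125 7.2: never inside an IDN label
    if len(pat) < 3:
        return False                  # conservative choice: never accept *.tld
    if len(ref) != len(pat) or ref[1:] != pat[1:]:
        return False                  # the wildcard spans exactly one label
    prefix, suffix = wild.split("*")  # partial wildcards such as f*.example.com
    first = ref[0]
    return (len(first) >= len(prefix) + len(suffix)
            and first.startswith(prefix) and first.endswith(suffix))


def check_cases() -> Dict[str, bool]:
    """Constructed names, including the IDN cases the CVE is about."""
    cases = {
        "plain subdomain": ("www.example.com", "*.example.com"),
        "case-insensitive": ("WWW.EXAMPLE.COM", "*.example.com"),
        "partial wildcard": ("ftp.example.com", "f*.example.com"),
        "wildcard must not cover apex": ("example.com", "*.example.com"),
        "wildcard spans one label only": ("a.b.example.com", "*.example.com"),
        "no *.tld": ("www.example.com", "*.com"),
        "whole-label wildcard before a U-label": ("shop.b\u00fccher.example",
                                                  "*.b\u00fccher.example"),
        "wildcard embedded in a U-label": ("b\u00fccher.example", "b\u00fc*.example"),
        "wildcard embedded in an A-label": ("xn--bcher-kva.example", "xn--*-kva.example"),
    }
    return {name: hostname_matches(r, p) for name, (r, p) in cases.items()}
```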


[ANNOUNCE] NSS 3.15.5 Release

2014-02-20 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.15.5.

Network Security Services (NSS) 3.15.5 is a patch release for NSS 3.15.

New functionality:
* Added support for the TLS application layer protocol negotiation 
  (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and 
  SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) 
  should be used for application layer protocol negotiation.
* Added the TLS padding extension. The extension type value is 35655, 
  which may change when an official extension type value is assigned 
  by IANA. NSS automatically adds the padding extension to ClientHello 
  when necessary.
* Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting 
  the tail of a CERTCertList.

Notable Changes:
* Bug 950129: Improve the OCSP fetching policy when verifying OCSP
  responses
* Bug 949060: Validate the iov input argument (an array of PRIOVec 
  structures) of ssl_WriteV (called via PR_Writev). Applications should
  still take care when converting struct iov to PRIOVec because the 
  iov_len members of the two structures have different types 
  (size_t vs. int). size_t is unsigned and may be larger than int.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes

The HG tag is NSS_3_15_5_RTM. NSS 3.15.5 requires NSPR 4.10.2 or newer.

NSS 3.15.5 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_5_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.5&product=NSS




Re: Single Trusted OCSP Responder?

2014-01-30 Thread Kai Engert
On Do, 2014-01-30 at 10:37 +, Gervase Markham wrote: 
> Does anyone know how one might configure Firefox to have a Trusted OCSP
> Responder (i.e. to send all OCSP requests for any certificate to a
> single server, and trust whatever it returns)?
>
> This is the only doc I can find about it:
> https://wiki.mozilla.org/CA:OCSP-TrustedResponder
> but it does not explain how to do it, and Kathleen (the author of the
> doc) does not know.

You probably refer to the functionality and user interface that was
present in past versions of Firefox, but which got removed:
https://bugzilla.mozilla.org/show_bug.cgi?id=802302

The most recent software that still contained it is probably Firefox 17
ESR. You could use it to check if that's the functionality you're
looking for.

Kai




Re: NSS OCSP stapling tests

2014-01-15 Thread Kai Engert
On Mi, 2014-01-08 at 16:34 -0800, Julien Pierre wrote: 
> The following tests are still failing on the internal network on
> Linux, though.
>
> tstclnt: TCP Connection failed: PR_IO_TIMEOUT_ERROR: I/O operation timed out
> chains.sh: #2452: Test that OCSP server is reachable - FAILED
>
> It could be because we have Internet DNS capability, but not direct
> Internet TCP connectivity.
> Either way, it seems to me that even with the patch, the NSS test suite
> still can't run properly on a private network.

Can you give more context of the test output? Which certificate is being
checked? Can you look at the details of the cert?

The connection attempts should go to your local host.

Kai




Re: Hashing functions in Firefox OS

2014-01-15 Thread Kai Engert
On Di, 2013-12-17 at 16:02 +0100, Stéphanie Ouillon wrote: 
> I'm in the Firefox OS Security team and I'm starting to work on adding
> support for stronger passwords in the Firefox OS lockscreen (bug 877541)
> [1].
> At the moment, only a 4-digit password can be configured and we want to
> improve that for FxOS 1.4 (March 2014).
>
> Some time ago, David Dahl provided a patch for having hashing
> functions in Gecko: it's a JSM living next to the SettingsManager for
> FxOS [2]. Supported algorithms are sha256, sha384 and sha512.

It's not clear why you need something new.

I'd assume your device locking code is privileged code.
Can't you use nsICryptoHash?

Kai



Some TLS servers are intolerant to SSL/TLS session caching

2014-01-12 Thread Kai Engert
Have you ever seen a TLS server that was incompatible with TLS session
IDs?

I helped to analyze bug 858394 (with the help of ssltap), where initial
connections to a TLS server work, but attempts to reconnect fail.

If the client includes a non-null session ID parameter in the client
hello message, the server immediately terminates the connection.

I reproduced the problem using ssltap (from NSS) and using the s_client
utility (from openssl).

It has been confirmed (using a custom build) that reconnecting with TLS
session caching disabled makes reconnections work.

Do you agree this is a bug on the server side? Should we attempt to
identify which TLS toolkits and versions show this broken behaviour?

At least NSS/PSM currently don't expect such behaviour. We don't
automatically retry without a TLS session ID. Should we?

Regards
Kai

PS:

Bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=858394

How to reproduce: 
# ssltap -s -l 86.65.39.15:6697
# openssl s_client -connect 127.0.0.1:1924 -ssl3 -tls1 \
   -no_ssl2 -no_tls1_1 -no_tls1_2 -reconnect


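Added example, not part of Kai's post or of NSS/ssltap: a bounds-checked parser for the ClientHello fields (RFC 5246 section 7.4.1.2), plus the "retry without a TLS session ID" hello the post asks about, rebuilt from the parsed fields with every length (record, handshake, session_id) recomputed. The sample hello bytes and all function names are constructed here.

```python
"""Inspect a TLS ClientHello and produce its session-ID-free retry.

Added example, not NSS or ssltap code. The record layer always carries
version 3.1 here (the usual choice for compatibility); the hello's own
version is preserved. Sample bytes are constructed, not captured.
"""
import struct
from typing import Dict, List, Sequence


class _Cursor:
    """Bounds-checked reader: a truncated hello raises instead of misparsing."""

    def __init__(self, data: bytes) -> None:
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, width: int) -> int:
        return int.from_bytes(self.take(width), "big")


def build_client_hello(session_id: bytes, suites: Sequence[int],
                       client_random: bytes = bytes(range(32)),
                       extensions: bytes = b"", client_version=(3, 3),
                       compression: Sequence[int] = (0,)) -> bytes:
    """Wrap ClientHello fields in a handshake header and a TLS record."""
    if len(session_id) > 32 or len(client_random) != 32 or not suites:
        raise ValueError("bad session_id, random or cipher_suites")
    body = bytes(client_version) + client_random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + struct.pack("!%dH" % len(suites), *suites)
    body += bytes([len(compression)]) + bytes(compression)
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> Dict[str, object]:
    """Return the ClientHello fields; raises ValueError on anything malformed."""
    rec = _Cursor(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a handshake record")
    record_version = (rec.uint(1), rec.uint(1))
    handshake = _Cursor(rec.take(rec.uint(2)))
    if rec.pos != len(record):
        raise ValueError("trailing bytes after the record")
    if handshake.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = _Cursor(handshake.take(handshake.uint(3)))
    client_version = (hello.uint(1), hello.uint(1))
    client_random = hello.take(32)
    sid_len = hello.uint(1)
    if sid_len > 32:
        raise ValueError("session_id longer than 32 bytes")
    session_id = hello.take(sid_len)          # non-empty = resumption offered
    cs_len = hello.uint(2)
    if cs_len == 0 or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack("!%dH" % (cs_len // 2), hello.take(cs_len)))
    compression = list(hello.take(hello.uint(1)))
    extensions = hello.take(hello.uint(2)) if hello.pos < len(hello.data) else b""
    if hello.pos != len(hello.data):
        raise ValueError("trailing bytes inside the ClientHello")
    return {"record_version": record_version, "client_version": client_version,
            "random": client_random, "session_id": session_id,
            "cipher_suites": suites, "compression": compression,
            "extensions": extensions}


def strip_session_id(record: bytes) -> bytes:
    """The retry hello: identical, but with an empty session_id, so the
    server sees a full handshake and no resumption attempt."""
    h = parse_client_hello(record)
    return build_client_hello(b"", h["cipher_suites"], h["random"],
                              h["extensions"], h["client_version"], h["compression"])


def demo() -> Dict[str, int]:
    """Constructed hello carrying a 32-byte session ID, then its retry."""
    first = build_client_hello(bytes([0xAB] * 32), [0xC02F, 0x002F, 0x000A])
    retry = strip_session_id(first)
    return {"first_len": len(first), "retry_len": len(retry),
            "first_sid_len": len(parse_client_hello(first)["session_id"]),
            "retry_sid_len": len(parse_client_hello(retry)["session_id"])}
```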


[ANNOUNCE] NSS 3.15.4 Release

2014-01-09 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.15.4.

Network Security Services (NSS) 3.15.4 is a patch release for NSS 3.15.

The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 919877 - When false start is enabled, libssl will sometimes 
   return unencrypted, unauthenticated data from PR_Recv

New functionality:
* Implemented OCSP querying using the HTTP GET method, which is the new
  default, and will fall back to the HTTP POST method.
* Implemented OCSP server functionality for testing purposes (httpserv
  utility).
* Support SHA-1 signatures with TLS 1.2 client authentication.
* Added the --empty-password command-line option to certutil, to be used
  with -N: use an empty password when creating a new database.
* Added the -w command-line option to pp: don't wrap long output lines.

New Functions:
* CERT_ForcePostMethodForOCSP
* CERT_GetSubjectNameDigest
* CERT_GetSubjectPublicKeyDigest
* SSL_PeerCertificateChain
* SSL_RecommendedCanFalseStart
* SSL_SetCanFalseStartCallback

New Types
* CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix
  will never attempt to use the HTTP GET method for OCSP requests; it will
  always use POST.

Notable Changes:
* Reordered the cipher suites offered in SSL/TLS client hello messages
  to match modern best practices.
* Updated the set of root CA certificates (version 1.96).
* Improved SSL/TLS false start. In addition to enabling the
  SSL_ENABLE_FALSE_START option, an application must now register a
  callback using the SSL_SetCanFalseStartCallback function.
* When building on Windows, OS_TARGET now defaults to WIN95. To use the
  WINNT build configuration, specify OS_TARGET=WINNT.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

The HG tag is NSS_3_15_4_RTM. NSS 3.15.4 requires NSPR 4.10.2 or newer.

NSS 3.15.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_4_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS




Re: NSS OCSP stapling tests

2014-01-03 Thread Kai Engert
On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote: 
> The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris
> machines. See error log below.
> We have a slightly smaller number of failures on Linux.
>
> Are these tests going out to a public OCSP responder on the Internet?

For most of the errors you cited:
No, see https://bugzilla.mozilla.org/show_bug.cgi?id=811331

There are few errors that are indeed attempting to connect to the public
web, but those will be removed in 3.15.4:
https://bugzilla.mozilla.org/show_bug.cgi?id=936778

> Or are they trying to go to a locally built one?

Yes, most of them are. Since 3.15 httpserv has the ability to run as an
OCSP server.

Kai




[ANNOUNCE] NSS 3.15.3.1 Release

2013-12-09 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.15.3.1.

Network Security Services (NSS) 3.15.3.1 is a patch release for NSS 3.15.

No new major functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.15.3.1.
Users are encouraged to upgrade immediately.
* Bug 946351 - Misissued Google certificates from DCSSI

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3.1_release_notes

The HG tag is NSS_3_15_3_1_RTM. NSS 3.15.3.1 requires NSPR 4.10.2 or newer.

NSS 3.15.3.1 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_3_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.3.1&product=NSS




[ANNOUNCE] NSS 3.14.4 Release

2013-10-24 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.14.4.

Network Security Services (NSS) 3.14.4 is a patch release for NSS 3.14.

No new major functionality is introduced in this release.
This release is a patch release to address CVE-2013-1739.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes

The CVS tag is NSS_3_14_4_RTM. NSS 3.14.4 requires NSPR 4.9.5 or newer.

NSS 3.14.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_14_4_RTM/src/

Bugs fixed in NSS 3.14.4:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=894370%2C832942%2C863947&bug_id_type=anyexact&list_id=8338081&resolution=FIXED&classification=Components&query_format=advanced&product=NSS




Re: Removal of generateCRMFRequest

2013-09-27 Thread Kai Engert
On Thu, 2013-09-26 at 16:29 -0700, Brian Smith wrote:
> On Mon, Apr 8, 2013 at 2:52 AM, helpcrypto helpcrypto
> helpcry...@gmail.com wrote:
>
>> While awaiting to http://www.w3.org/TR/WebCryptoAPI/ Java applets for
>> client signing, signText and keygen are needed.
>> Also things like Handling smart card events or Loading PKCS #11
>> modules are being used by many.
>> So, you _CANT_ remove
>> https://developer.mozilla.org/en-US/docs/JavaScript_crypto
>>
>> If you want/need more detailed discussions, don't hesitate to ask me.
>
> Hi,
>
> Yes, I am interested in hearing why you think we cannot remove these
> functions.

Because they serve a purpose. Removing them is unfriendly and
counterproductive.

Kai




Re: DetecTor - client side detection of MITM, server impersonation, CA compromise

2013-09-27 Thread Kai Engert
On Mon, 2013-09-16 at 22:47 +0200, Kai Engert wrote:
> DetecTor is an open source project to implement client side SSL/TLS MITM
> detection, compromised CA detection and server impersonation detection,
> by making use of the Tor network.

The integration of transparent client side probing into the NSS SSL
library code will take more time (and of course will trigger additional
future discussion, whether it actually should be integrated at all, or
how).

However, I've made progress regarding the server monitoring proposal.

I've updated the sphere-probe utility to support continuous probing of
services for unexpected certificates, and calling a user defined script
for alerting.

It's still an early version of the software and I'm looking for feedback
and testing. The tool could be used to monitor your own server for
network level attacks, such as:
- an attacker being close to your server and intercepting 
  requests to your server
- global DNS manipulation to redirect requests to a server 
  controlled by an adversary.

The tool uses the existing Tor network for probing from multiple remote
network locations (Tor exit nodes), and compares the certificate used by
a server against a local list of one or multiple expected certificates.

The sphere-probe utility (beta) is based on NSS and is available for
download from the http://detector.io project page. (Tested on Linux,
only, and you'll have to build it yourself, step by step instructions
available in the README.)

I'm looking forward to your feedback!

There's also a new mailing list available, for discussing the project.
I'll do most future announcements and project updates on the new list.

Regards
Kai




DetecTor - client side detection of MITM, server impersonation, CA compromise

2013-09-16 Thread Kai Engert
I've started yet another project to solve the right key problem.

DetecTor is an open source project to implement client side SSL/TLS MITM
detection, compromised CA detection and server impersonation detection,
by making use of the Tor network.

In short, make use of the existing Tor network, perform multiple
connections to the destination server through multiple routes, check for
consistency in the use of certificates, and either fail or proceed
automatically, without user interaction.

The detailed description of the idea, including suggestions for the
handling of edge cases, can be found at http://detector.io/

I propose to create an implementation that transparently integrates this
functionality into the NSS library, without requiring application
changes. (Trigger the probing on the application's attempt to connect,
delay the connection by returning the would block status until the
probing has completed, then fail early if the probing result isn't
satisfactory.)

Activation of this new behaviour could potentially be driven by an
environment variable or by a compile time option. (Details or alternate
integration proposals can be discussed at a later time, once this
project moves forward.)

In order to make this approach possible, we must tunnel TLS connections
through a SOCKS5 proxy (which is the interface the existing Tor project
software offers).

I've ported Necko's SOCKS5 C++ implementation to plain C and propose it
for integration into either NSS or NSPR, see
https://bugzilla.mozilla.org/show_bug.cgi?id=916947

Looking forward to your feedback.

Regards
Kai


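The two DetecTor messages above describe the same mechanism from two sides: tunnel a TLS connection through the SOCKS5 interface that Tor exposes, do this from several routes, and compare the certificate each route presents against a local list of expected certificates, alerting when something differs. The following script is an added illustration of that monitoring loop, not code from the DetecTor or NSS projects: it hand-builds the SOCKS5 CONNECT exchange of RFC 1928 over a plain socket, uses Python's ssl module instead of NSS to read the presented leaf certificate, and compares SHA-256 fingerprints. The proxy addresses, the hostname and the expected fingerprint in the `__main__` block are placeholders to be replaced with your own.

```python
"""Multi-route certificate probing (constructed example, not DetecTor code).

Connects to one TLS server through several SOCKS5 proxies (e.g. local Tor
SOCKS ports), records the SHA-256 fingerprint of the leaf certificate each
route presents, and compares the results against a local list of expected
fingerprints, calling an alert hook for every route that disagrees."""
import hashlib
import socket
import ssl
import struct


def build_socks5_connect(host, port):
    """SOCKS5 CONNECT request (RFC 1928) with ATYP=0x03 (domain name), so the
    proxy resolves the name and the client performs no DNS lookup itself."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes for SOCKS5 ATYP=3")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("SOCKS5 proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(proxy, host, port, timeout=20.0):
    """TCP connection to host:port tunnelled through a no-auth SOCKS5 proxy."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(b"\x05\x01\x00")                 # version 5, one method: no auth
        if _recv_exact(sock, 2) != b"\x05\x00":
            raise OSError("proxy rejected the no-auth method")
        sock.sendall(build_socks5_connect(host, port))
        ver, rep, _rsv, atyp = _recv_exact(sock, 4)  # bytes unpack to ints
        if ver != 5 or rep != 0:
            raise OSError("SOCKS5 CONNECT failed, reply code %d" % rep)
        # Drain BND.ADDR and BND.PORT from the reply; the tunnel is then ready.
        if atyp == 0x01:
            _recv_exact(sock, 4 + 2)
        elif atyp == 0x04:
            _recv_exact(sock, 16 + 2)
        elif atyp == 0x03:
            _recv_exact(sock, _recv_exact(sock, 1)[0] + 2)
        else:
            raise OSError("unknown SOCKS5 address type %d" % atyp)
        return sock
    except Exception:
        sock.close()
        raise


def fingerprint(der_cert):
    """SHA-256 over the DER encoding, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def observe_cert(proxy, host, port=443):
    """Fingerprint of the leaf certificate presented on this route.
    Chain verification is disabled on purpose: the point is to record what
    the route presents, even an unexpected certificate, and compare it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socks5_connect(proxy, host, port) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))


def evaluate(observations, expected):
    """observations: route -> fingerprint. Returns (ok, unexpected), where ok
    is True only if every route presented a fingerprint in `expected`."""
    unexpected = {r: fp for r, fp in observations.items() if fp not in expected}
    return (not unexpected, unexpected)


def probe(host, proxies, expected, port=443, alert=print):
    """Probe host via each proxy and call alert(message) for every route that
    errors out or presents a certificate outside `expected`."""
    observations, errors = {}, {}
    for proxy in proxies:
        try:
            observations[proxy] = observe_cert(proxy, host, port)
        except OSError as exc:
            errors[proxy] = str(exc)
    ok, unexpected = evaluate(observations, expected)
    for (phost, pport), fp in unexpected.items():
        alert("%s via %s:%d presented unexpected cert %s" % (host, phost, pport, fp))
    for (phost, pport), err in errors.items():
        alert("%s via %s:%d unreachable: %s" % (host, phost, pport, err))
    return ok and not errors, observations, errors


if __name__ == "__main__":
    # Placeholders: local Tor SOCKS ports and your server's real fingerprint(s).
    PROXIES = [("127.0.0.1", 9050), ("127.0.0.1", 9150)]
    EXPECTED = {"0" * 64}
    print(probe("example.com", PROXIES, EXPECTED))
```

A route that cannot be reached is reported separately from a route that presents an unexpected certificate; both are worth alerting on, since a monitoring setup that silently drops failed probes would miss an attacker who simply blocks the probing route. Tor exit selection is left to the Tor daemon here; to probe from distinct exits, run one Tor instance per SOCKS port or use stream isolation.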


Re: downloading NSS

2013-08-09 Thread Kai Engert
On Wed, 2013-08-07 at 17:12 +, James Burton wrote:
> Hi,
>
> I would like to know where I could download the Netscape Security Library which
> Mozilla NSS was built on.

This page attempts to collect a small selection of links to get you
started: http://nss-crypto.org/

However, the official project page is at:
https://developer.mozilla.org/en-US/docs/NSS

This page describes how to get the source code and how to use it:
https://developer.mozilla.org/en-US/docs/NSS_Sources_Building_Testing

Regards
Kai




Re: How to programmatically Add Exception on Servers tab in Certificate Manager.

2013-08-06 Thread Kai Engert
On Tue, 2013-08-06 at 09:41 -0700, epva...@gmail.com wrote:
> So, how can I Add Exception using NSS tools? I'm able to get the cert
> installed in a way that doesn't work using this command:

You cannot. The exceptions feature has been added at the Mozilla
application layer, above NSS. The host specific exceptions aren't stored
by NSS.

If you want to add them programmatically, you could do it from Add-On
code.

Kai




Re: Security Issues

2013-07-18 Thread Kai Engert
On Thu, 2013-07-18 at 10:31 +0200, Nilakantha Paudel[NILU] wrote:
> I am involved in research on web security. More precisely, nowadays I am
> working on the KEYGEN keyword of HTML5. I tried to navigate to the block of
> source code where it works with this keyword KEYGEN of HTML5. But I could
> not find the specific block of source code for this purpose. So I would
> like to request from all of you the file names and block of code where
> this operation is performed in the source code of Mozilla Firefox. Would you
> please help me.


Hi Nilu,

start reading here:
http://mxr.mozilla.org/mozilla-central/ident?i=nsKeygenFormProcessor&tree=mozilla-central&filter=

Regards
Kai




Re: Where is NSS used?

2013-07-11 Thread Kai Engert
On Wed, 2013-07-10 at 11:20 -0700, Robert Relyea wrote:
> On 07/08/2013 12:00 PM, Rick Andrews wrote:
> What context are you talking about? If you remove the roots from firefox
> using the firefox UI, it won't remove the roots for other applications.

I guess Rick talks about getting it removed from the master root CA list
maintained by Mozilla.

Ryan already gave helpful hints on what to consider. Any change to the
list eventually gets wide distribution. Many applications and open
source projects use that list, as a recommended set of root CA
certificates and trust flags - with NSS or independent of NSS.

Kai



