NSS 3.75 Release
26 views
Skip to first unread message
John Schanck
Feb 3, 2022, 2:37:05 PM2/3/22
to dev-tec...@mozilla.org
Dear all,
Network Security Services (NSS) 3.75 was released on 03 February 2022.
The HG tag is NSS_3_75_RTM. This version of NSS requires NSPR 4.32 or newer.
NSS 3.75 source distributions are available on ftp.mozilla.org for
secure HTTPS download:
<https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_75_RTM/src/>
Changes:
- Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI.
- Bug 1749794 - Make DottedOIDToCode.py compatible with python3.
- Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Bug 1748386 - Remove redundant key type check.
- Bug 1749869 - Update ABI expectations to match ECH changes.
- Bug 1748386 - Enable CKM_CHACHA20.
- Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
- Bug 1747310 - real move assignment operator.
- Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
- Bug 1743302 - Add ECDSA test vectors to the bltest command line tool.
- Bug 1747772 - Allow to build using clang's integrated assembler.
- Bug 1321398 - Allow to override python for the build.
- Bug 1747317 - test HKDF output rather than input.
- Bug 1747316 - Use ASSERT macros to end failed tests early.
- Bug 1747310 - move assignment operator for DataBuffer.
- Bug 1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
- Bug 1725938 - Update tests for ECH-13.
- Bug 1725938 - Tidy up error handling.
- Bug 1728281 - Add tests for ECH HRR Changes.
- Bug 1728281 - Server only sends GREASE HRR extension if enabled
by preference.
- Bug 1725938 - Update generation of the Associated Data for ECH-13.
- Bug 1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
- Bug 1712879 - Allow for compressed, non-contiguous, extensions.
- Bug 1712879 - Scramble the PSK extension in CHOuter.
- Bug 1712647 - Split custom extension handling for ECH.
- Bug 1728281 - Add ECH-13 HRR Handling.
- Bug 1677181 - Client side ECH padding.
- Bug 1725938 - Stricter ClientHelloInner Decompression.
- Bug 1725938 - Remove ECH_inner extension, use new enum format.
- Bug 1725938 - Update the version number for ECH-13 and adjust the
ECHConfig size.
NSS 3.75 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS
shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
A copy of these release notes will be available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>
though you should expect a small delay.
Best,
John
Network Security Services (NSS) 3.75 was released on 03 February 2022.
The HG tag is NSS_3_75_RTM. This version of NSS requires NSPR 4.32 or newer.
NSS 3.75 source distributions are available on ftp.mozilla.org for
secure HTTPS download:
<https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_75_RTM/src/>
Changes:
- Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI.
- Bug 1749794 - Make DottedOIDToCode.py compatible with python3.
- Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Bug 1748386 - Remove redundant key type check.
- Bug 1749869 - Update ABI expectations to match ECH changes.
- Bug 1748386 - Enable CKM_CHACHA20.
- Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
- Bug 1747310 - real move assignment operator.
- Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
- Bug 1743302 - Add ECDSA test vectors to the bltest command line tool.
- Bug 1747772 - Allow to build using clang's integrated assembler.
- Bug 1321398 - Allow to override python for the build.
- Bug 1747317 - test HKDF output rather than input.
- Bug 1747316 - Use ASSERT macros to end failed tests early.
- Bug 1747310 - move assignment operator for DataBuffer.
- Bug 1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
- Bug 1725938 - Update tests for ECH-13.
- Bug 1725938 - Tidy up error handling.
- Bug 1728281 - Add tests for ECH HRR Changes.
- Bug 1728281 - Server only sends GREASE HRR extension if enabled
by preference.
- Bug 1725938 - Update generation of the Associated Data for ECH-13.
- Bug 1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
- Bug 1712879 - Allow for compressed, non-contiguous, extensions.
- Bug 1712879 - Scramble the PSK extension in CHOuter.
- Bug 1712647 - Split custom extension handling for ECH.
- Bug 1728281 - Add ECH-13 HRR Handling.
- Bug 1677181 - Client side ECH padding.
- Bug 1725938 - Stricter ClientHelloInner Decompression.
- Bug 1725938 - Remove ECH_inner extension, use new enum format.
- Bug 1725938 - Update the version number for ECH-13 and adjust the
ECHConfig size.
NSS 3.75 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS
shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
A copy of these release notes will be available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>
though you should expect a small delay.
Best,
John
Reply all
Reply to author
Forward
0 new messages