[dev-tech-crypto] NSS 3.88 Release

30 views
Skip to first unread message

Anna Weine

unread,
Feb 9, 2023, 12:42:06 PM2/9/23
to dev-tec...@mozilla.org
Dear all,

Network Security Services (NSS) 3.88 was released on 9 February 2023.

The HG tag is NSS_3_88_RTM. This version of NSS requires NSPR 4.35 or newer.

NSS 3.88 source distributions are available on ftp.mozilla.org for
secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_88_RTM/src/>

Changes:
   - Bug 1815870 - use a different treeherder symbol for each docker image build task.
   - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images
   - Bug 1810702 - remove nested table in rst doc
   - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
   - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. r=nss-reviewers,mt
   - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests
   - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim.
   - Bug 1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup.
   - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm.
   - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test.
   - Bug 1771100 - Added Bogo ECH rejection test support.
   - Bug 1771100 - Added ECH 0Rtt support to BoGo shim.
   - Bug 1747957 - RSA OAEP Wycheproof JSON
   - Bug 1747957 - RSA decrypt Wycheproof JSON
   - Bug 1747957 - ECDSA Wycheproof JSON
   - Bug 1747957 - ECDH Wycheproof JSON
   - Bug 1747957 - PKCS#1v1.5 wycheproof json
   - Bug 1747957 - Use X25519 wycheproof json
   - Bug 1766767 - Move scripts to python3
   - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz.
   - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384)
   - Bug 1804091 NSS needs to move off of DSA for integrity checks
   - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust
   - Bug 1806369 - Don't clone libFuzzer, rely on clang instead

NSS 3.88 shared libraries are backwards-compatible with all older NSS
3.x shared libraries. A program linked with older NSS 3.x shared
libraries will work with this new version of the shared libraries
without recompiling or relinking. Furthermore, applications that
restrict their use of NSS APIs to the functions listed in NSS Public
Functions will remain compatible with future versions of the NSS
shared libraries.

Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>

Release notes will be available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>
though you should expect a small delay.

Best,
Anna
Reply all
Reply to author
Forward
0 new messages