NSS 3.116 Release
24 views
Skip to first unread message
John Schanck
Sep 11, 2025, 6:13:17 PMSep 11
to dev-tec...@mozilla.org
Network Security Services (NSS) 3.116 was released on 11 September 2025.
The HG tag is NSS_3_116_RTM. This version of NSS requires NSPR
4.35 or newer. The latest version of NSPR is 4.37.
NSS 3.116 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_116_RTM/src/>
Changes:
- Bug 1983308 - disable DSA in NSS script tests.
- Bug 1983308 - Disabling of some algorithms: generic cert.sh.
- Bug 1981046 - Need to update to new mechanisms.
- Bug 1983320 - Add ML-DSA public key printing support in NSS command-line utilities.
- Bug 1986802 - note embedded scts before revocation checks are performed.
- Bug 1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface.
- Bug 1983320 - Add support for ML-DSA key type and public key structure.
- Bug 1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag.
- Bug 1983308 - disable kyber.
- Bug 1965329 - Implement PKCS #11 v3.2 PQ functions (use verify signature).
- Bug 1983308 - Disable dsa - gtests.
- Bug 1983313 - make group and scheme support in test tools generic.
- Bug 1983770 - Create GH workflow to automatically close PRs.
- Bug 1983308 - Disable dsa - base code.
- Bug 1983308 - Disabling of some algorithms: remove dsa from pk11_mode.
- Bug 1983308 - Disable seed and RC2 bug fixes.
- Bug 1982742 - restore support for finding certificates by decoded serial number.
- Bug 1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- Bug 1983399 - lib/softtoken/{sdb.c,sftkdbti.h}: Align sftkdb_known_attributes_size type.
- Bug 1965329 - Use PKCS #11 v3.2 KEM mechanisms and functions.
NSS 3.116 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
The HG tag is NSS_3_116_RTM. This version of NSS requires NSPR
4.35 or newer. The latest version of NSPR is 4.37.
NSS 3.116 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
<https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_116_RTM/src/>
Changes:
- Bug 1983308 - disable DSA in NSS script tests.
- Bug 1983308 - Disabling of some algorithms: generic cert.sh.
- Bug 1981046 - Need to update to new mechanisms.
- Bug 1983320 - Add ML-DSA public key printing support in NSS command-line utilities.
- Bug 1986802 - note embedded scts before revocation checks are performed.
- Bug 1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface.
- Bug 1983320 - Add support for ML-DSA key type and public key structure.
- Bug 1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag.
- Bug 1983308 - disable kyber.
- Bug 1965329 - Implement PKCS #11 v3.2 PQ functions (use verify signature).
- Bug 1983308 - Disable dsa - gtests.
- Bug 1983313 - make group and scheme support in test tools generic.
- Bug 1983770 - Create GH workflow to automatically close PRs.
- Bug 1983308 - Disable dsa - base code.
- Bug 1983308 - Disabling of some algorithms: remove dsa from pk11_mode.
- Bug 1983308 - Disable seed and RC2 bug fixes.
- Bug 1982742 - restore support for finding certificates by decoded serial number.
- Bug 1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
- Bug 1983399 - lib/softtoken/{sdb.c,sftkdbti.h}: Align sftkdb_known_attributes_size type.
- Bug 1965329 - Use PKCS #11 v3.2 KEM mechanisms and functions.
NSS 3.116 shared libraries are backwards-compatible with all
older NSS 3.x shared libraries. A program linked with older NSS
3.x shared libraries will work with this new version of the
shared libraries without recompiling or relinking. Furthermore,
applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible
with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at
<https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Release notes are available at
<https://firefox-source-docs.mozilla.org/security/nss/releases/index.html>.
Reply all
Reply to author
Forward
0 new messages