by email@example.com (2018-02-08):
- update to NSS 3.35
* TLS 1.3 support has been updated to draft -23. This includes a
large number of changes since 3.34, which supported only draft
-18. See below for details.
* SSLHandshakeType - The type of a TLS handshake message.
* For the SSLSignatureScheme enum, the enumerated values
ssl_sig_rsa_pss_sha* are deprecated in response to a change in
TLS 1.3. Please use the equivalent ssl_sig_rsa_pss_rsae_sha*
for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys.
Note that this release does not include support for the latter.
* Previously, NSS used the DBM file format by default. Starting
with version 3.35, NSS uses the SQL file format by default.
Additional information can be found on this Fedora Linux project
* Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
* For stronger security, when creating encrypted PKCS#7 or PKCS#12 data,
the iteration count for the password based encryption algorithm
has been increased to one million iterations. Note that debug builds
will use a lower count, for better performance in test environments.
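The iteration count is stored in the clear inside the PBE parameters, so it can be checked on any file NSS produced. The following is an added example (not NSS code, not part of this changelog): a small DER walker that collects every PBKDF2-params iterationCount (RFC 8018) and every pkcs-12PbeParams iterations value (RFC 7292) from a PKCS#12 or PKCS#7 blob, descending into OCTET STRINGs because PKCS#12 nests its DER content inside them. The sample blobs at the bottom are constructed here with fixed salts and IVs; they are not real pk12util output. Run it against a real file by passing the path as the first argument.

```python
"""Report the password-based-encryption iteration counts found in a DER blob.
Added example, not NSS code. Assumes the PKCS#5/PKCS#12 parameter layouts:
  PBKDF2-params    ::= SEQUENCE { salt, iterationCount INTEGER, ... }
  pkcs-12PbeParams ::= SEQUENCE { salt OCTET STRING, iterations INTEGER }
"""
import sys

ID_PBKDF2 = bytes.fromhex("06092a864886f70d01050c")       # 1.2.840.113549.1.5.12
PKCS12_PBE_ARC = bytes.fromhex("060a2a864886f70d010c01")  # 1.2.840.113549.1.12.1.x (10-byte OIDs)
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04


def _read_tlv(buf, pos, end):
    """Parse a DER tag/length at pos; return (tag, content_start, content_end)."""
    if pos + 2 > end:
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        cstart, length = pos + 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > end:
            raise ValueError("bad DER length")
        cstart = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:cstart], "big")
    cend = cstart + length
    if cend > end:
        raise ValueError("truncated DER element")
    return tag, cstart, cend


def _is_pbe_kdf_oid(elem):
    """id-PBKDF2, or one of the PKCS#12 pbeWith... OIDs (both keep the count in the same place)."""
    return elem == ID_PBKDF2 or (len(elem) == 12 and elem.startswith(PKCS12_PBE_ARC))


def pbe_iteration_counts(der):
    """Return every PBKDF2 / PKCS#12-PBE iteration count found in a DER blob, in file order."""
    counts = []

    def walk(start, end):
        pos = start
        while pos < end:
            tag, cstart, cend = _read_tlv(der, pos, end)
            if _is_pbe_kdf_oid(der[pos:cend]):
                # The parameter SEQUENCE is the next sibling: { salt, count INTEGER, ... }
                ptag, p, pend = _read_tlv(der, cend, end)
                if ptag != SEQUENCE:
                    raise ValueError("PBE OID not followed by a parameter SEQUENCE")
                _, _, p = _read_tlv(der, p, pend)          # skip salt (OCTET STRING or AlgorithmIdentifier)
                itag, istart, iend = _read_tlv(der, p, pend)
                if itag != INTEGER:
                    raise ValueError("iteration count is not an INTEGER")
                counts.append(int.from_bytes(der[istart:iend], "big", signed=True))
                pos = pend                                  # parameters handled; move past them
                continue
            if tag & 0x20:                                  # constructed: descend
                walk(cstart, cend)
            elif tag == OCTET_STRING:                       # may wrap nested DER (PKCS#12 does this)
                try:
                    walk(cstart, cend)
                except ValueError:
                    pass                                    # opaque bytes (IV, ciphertext): not DER
            pos = cend

    walk(0, len(der))
    return counts


def weakest_iteration_count(der):
    """Lowest count in the blob, or None when it contains no password-based encryption."""
    counts = pbe_iteration_counts(der)
    return min(counts) if counts else None


def meets_minimum(der, minimum=1_000_000):
    """True only if the blob has PBE structures and every one uses at least `minimum` iterations."""
    counts = pbe_iteration_counts(der)
    return bool(counts) and min(counts) >= minimum


# --- constructed samples (hypothetical fixed salt/IV; not real NSS output) ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _der_int(n):
    return _der(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))


OID_PBES2 = bytes.fromhex("06092a864886f70d01050d")        # 1.2.840.113549.1.5.13
OID_HMAC_SHA256 = bytes.fromhex("06082a864886f70d0209")    # 1.2.840.113549.2.9
OID_AES256_CBC = bytes.fromhex("060960864801650304012a")   # 2.16.840.1.101.3.4.1.42
OID_PBE_SHA1_3DES = PKCS12_PBE_ARC + b"\x03"               # 1.2.840.113549.1.12.1.3


def pbes2_algorithm_identifier(iterations, salt=b"\x11" * 8, iv=b"\x22" * 16):
    """AlgorithmIdentifier for PBES2 with PBKDF2-HMAC-SHA256 and AES-256-CBC."""
    prf = _der(SEQUENCE, OID_HMAC_SHA256 + b"\x05\x00")
    params = _der(SEQUENCE, _der(OCTET_STRING, salt) + _der_int(iterations) + prf)
    kdf = _der(SEQUENCE, ID_PBKDF2 + params)
    enc = _der(SEQUENCE, OID_AES256_CBC + _der(OCTET_STRING, iv))
    return _der(SEQUENCE, OID_PBES2 + _der(SEQUENCE, kdf + enc))


def pkcs12_pbe_algorithm_identifier(iterations, salt=b"\x33" * 8):
    """AlgorithmIdentifier for the PKCS#12 pbeWithSHA1And3-KeyTripleDES-CBC scheme."""
    params = _der(SEQUENCE, _der(OCTET_STRING, salt) + _der_int(iterations))
    return _der(SEQUENCE, OID_PBE_SHA1_3DES + params)


def pkcs12_like_blob(key_iterations, cert_iterations):
    """Two PBE structures nested inside an OCTET STRING, the way PKCS#12 nests its content."""
    inner = _der(SEQUENCE, pkcs12_pbe_algorithm_identifier(key_iterations)
                 + pbes2_algorithm_identifier(cert_iterations))
    return _der(SEQUENCE, _der_int(3) + _der(OCTET_STRING, inner))


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else pkcs12_like_blob(2048, 1_000_000)
    print("iteration counts:", pbe_iteration_counts(blob))
    print("meets 1,000,000 minimum:", meets_minimum(blob))
```

A PKCS#12 file usually carries two independently encrypted parts (the key bag and the certificate bag), so check the weakest count, not the first one; a file exported from a debug build will report a lower value, as the note above says.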
* NSS 3.30 had introduced a regression that prevented NSS from reading
some AES-encrypted data produced by older versions of NSS.
NSS 3.35 fixes this regression and restores the ability to read
* The following CA certificates were removed:
OU = Security Communication EV RootCA1
CN = CA Disig Root R1
CN = DST ACES CA X6
Subject CN = VeriSign Class 3 Secure Server CA - G2
* The Websites (TLS/SSL) trust bit was turned off for the following
CN = Chambers of Commerce Root
CN = Global Chambersign Root
* TLS servers are able to handle a ClientHello statelessly if the
client supports TLS 1.3. If the server sends a HelloRetryRequest,
it is possible to discard the server socket, and make a new socket
to handle any subsequent ClientHello. This better enables stateless
server operation. (This feature is added in support of QUIC, but it
also has utility for DTLS 1.3 servers.)
* The tstclnt utility now supports DTLS, using the -P option. Note that
a DTLS server is also provided in tstclnt.
* TLS compression is no longer possible with NSS. The option can be
enabled, but NSS will no longer negotiate compression.
* The signatures of functions SSL_OptionSet, SSL_OptionGet,
SSL_OptionSetDefault and SSL_OptionGetDefault have been modified
to take a PRIntn argument rather than PRBool. This makes it clearer
that options can have values other than 0 or 1. Note this does
not affect ABI compatibility, because PRBool is a typedef for PRIntn.