[ANNOUNCE] NSS 3.41 Release

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[ANNOUNCE] NSS 3.41 Release

The NSS team has released Network Security Services (NSS) 3.41, which is a minor

New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:

Notable changes:
* The following CA certificates were added:
    CN = Certigna Root CA
    CN = GTS Root R1
    CN = GTS Root R2
    CN = GTS Root R3
    CN = GTS Root R4
    CN = UCA Global G2 Root
    CN = UCA Extended Validation Root

* The following CA certificates were removed:
    CN = AC Raíz Certicámara S.A.
    CN = Certplus Root CA G1
    CN = Certplus Root CA G2
    CN = OpenTrust Root CA G1
    CN = OpenTrust Root CA G2
    CN = OpenTrust Root CA G3

Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
  Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3

Please refer to the release notes for the complete list of changes:

The HG tag is NSS_3_41_RTM. NSS 3.41 requires NSPR 4.20 or newer.

NSS 3.41 source distributions are available on ftp.mozilla.org for secure HTTPS download:

A complete list of all bugs resolved in this release can be obtained at
dev-tech-crypto mailing list
[hidden email]