[ANNOUNCE] NSS 3.43 Release

JC Jones
The NSS team has released Network Security Services (NSS) 3.43 on 16 March 2019,
which is a minor release.

The HG tag is NSS_3_43_RTM. NSS 3.43 requires NSPR 4.21 or newer.

NSS 3.43 source distributions are available on ftp.mozilla.org for secure
HTTPS download:


New Functionality:
 * in sechash.h
    HASH_GetHashOidTagByHashType - convert type HASH_HashType to type SECOidTag

 * in sslexp.h
    SSL_SendCertificateRequest - allow server to request post-handshake client
    authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
    present, post-handshake authentication is currently not TLS 1.3 compliant
    due to Bug 1532312.

Notable changes:
 * The following CA certificates were added:
  - CN = emSign Root CA - G1
    SHA-256 Fingerprint: 40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367

  - CN = emSign ECC Root CA - G3
    SHA-256 Fingerprint: 86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B

  - CN = emSign Root CA - C1
    SHA-256 Fingerprint: 125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F

  - CN = emSign ECC Root CA - C3
    SHA-256 Fingerprint: BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3

  - CN = Hongkong Post Root CA 3
    SHA-256 Fingerprint: 5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6

Bugs fixed in NSS 3.43:
 * Bug 1528669 and Bug 1529308 - Improve Gyp build system handling

 * Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird

 * Bug 1530134 - If Docker isn't installed, try running a local clang-format
                 as a fallback

 * Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
                 is set

 * Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes

 * Bug 1513909 - Add manual for nss-policy-check

 * Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue

 * Bug 1517714 - Properly handle ESNI with HRR

 * Bug 1529813 - Expose HKDF-Expand-Label with mechanism

 * Bug 1535122 - Align TLS 1.3 HKDF trace levels

 * Bug 1530102 - Use getentropy on compatible versions of FreeBSD

This Bugzilla query returns all the bugs fixed in NSS 3.43:

Please refer to the release notes for the complete list of changes: