Source code

Revision control

Copy as Markdown

Other Tools

.. _mozilla_projects_nss_nss_3_55_release_notes:
NSS 3.55 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
The NSS team has released Network Security Services (NSS) 3.55 on **24 July 2020**, which is a
minor release.
The NSS team would like to recognize first-time contributors:
- Danh
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_55_RTM. NSS 3.55 requires NSPR 4.27 or newer.
NSS 3.55 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
Other releases are available :ref:`mozilla_projects_nss_nss_releases`.
.. _notable_changes_in_nss_3.55:
`Notable Changes in NSS 3.55 <#notable_changes_in_nss_3.55>`__
--------------------------------------------------------------
.. container::
- P384 and P521 elliptic curve implementations are replaced with verifiable implementations from
`ECCKiila <https://gitlab.com/nisec/ecckiila/>`__. Special thanks to the Network and
Information Security Group (NISEC) at Tampere University.
- PK11_FindCertInSlot is added. With this function, a given slot can be queried with a
DER-Encoded certificate, providing performance and usability improvements over other
more details.
- DTLS 1.3 implementation is updated to draft-38. See `Bug
- NSPR dependency updated to 4.27.
.. _known_issues:
`Known Issues <#known_issues>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- On some platforms, using the Makefile builds fails to locate seccomon.h; ensure you are using
make all rather than just make. Another potential workaround is to use the gyp-based build.sh
script. If this affects you, please help us narrow down the cause in `Bug
.. _bugs_fixed_in_nss_3.55:
`Bugs fixed in NSS 3.55 <#bugs_fixed_in_nss_3.55>`__
----------------------------------------------------
.. container::
CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from
assertion in VFY_EndWithSignature.
Remove unnecessary scalar padding.
Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
bytes (sanitizer fix).
bytes (sanitizer fix).
bytes (sanitizer fix).
bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED.
makefile builds.
PK11_FindCertInSlot to search a given slot for a DER-encoded certificate.
NSC_GetTokenInfo.
implementation to draft-38.
ocsp tests under standard test cycle in CI.
tests.
IV requirements for DES and 3DES.
PKCS#1 v1.5 padding length in RSA_CheckSignRecover.
with -Werror=strict-prototypes.
schemes for certificates in the signature_algorithms extension.
version to 4.27.
This Bugzilla query returns all the bugs fixed in NSS 3.55:
`Compatibility <#compatibility>`__
----------------------------------
.. container::
NSS 3.55 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
program linked with older NSS 3.x shared libraries will work with NSS 3.55 shared libraries
without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
to the functions listed in NSS Public Functions will remain compatible with future versions of
the NSS shared libraries.
`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report with
`bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).