Oracle still ships NSS with many products even though we are no longer
actively involved with its development. We do pick up new releases from
time to time. We picked up 3.13.x last year and I'm looking into picking
up 3.14.
The following changes may be problematic:
1) * New default cipher suites
(https://bugzilla.mozilla.org/show_bug.cgi?id=792681)
The default cipher suites in NSS 3.14 have been changed to better
reflect the current security landscape. The defaults now better match
the set that most major Web browsers enable by default.
This doesn't just affect browsers. There are other client apps that were
written with the existing defaults in mind.
I could understand if this change were only about removing, from the
default list, cipher suites that have had vulnerabilities. But this is
not the case, and some ciphers were also added.
It would appear to be a binary compatibility problem. Some applications
may not behave as intended without both a source change and
recompilation, i.e. some ciphers will be enabled when they are not
expected to be.
This change will break one of the test suites we have with our web
server and traffic director applications, in particular.
If this change was done in order to save a few lines of code in the
browser at the cost of breaking existing applications, it doesn't seem
like a good tradeoff.
In the past, binary compatibility was always maintained for minor NSS
releases. Was it the deliberate intent of NSS 3.14 to break binary
compatibility?
2) * The NSS license has changed to MPL 2.0. Previous releases were
released under a MPL 1.1/GPL 2.0/LGPL 2.1 tri-license. For more
information about MPL 2.0, please see
http://www.mozilla.org/MPL/2.0/FAQ.html. For an additional explanation
on GPL/LGPL compatibility, see security/nss/COPYING in the source code.
This may be a serious problem also, but IANAL, so that is not for me to
decide.
3) * Support for TLS 1.1 (RFC 4346) has been added
(https://bugzilla.mozilla.org/show_bug.cgi?id=565047)
To better support TLS 1.1 and future versions of TLS, a new version
range API was introduced to allow applications to specify the desired
minimum and maximum versions. These functions are intended to replace
the now-deprecated use of the SSL_ENABLE_SSL3 and SSL_ENABLE_TLS socket
options.
Q: Will unmodified applications that use the deprecated interfaces still
continue to work identically? This appears to be the case from reading the
above bug, but I want to make sure that is correct.
4) SSL PKCS#11 bypass is now conditionally built.
https://bugzilla.mozilla.org/show_bug.cgi?id=745281
I understand that nobody but Oracle is using bypass at this time. I
appreciate the efforts not to delete the code altogether.
I would like to know if the bypass feature got tested when the patch was
created, and whether it will still be getting tested at all going
forward other than at Oracle.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto