The NSS Development Team announces the release of NSS 3.16.2.3 Network Security Services (NSS) 3.16.2.3 is a patch release for NSS 3.16, to fix a regression.
New functionality: * TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a handshake is the result of TLS version fallback. New Macros: * SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables TLS_FALLBACK_SCSV. Off by default. * SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code. * TLS_FALLBACK_SCSV - a a signaling cipher suite value that indicates a handshake is the result of TLS version fallback. The following bug has been resolved in NSS 3.16.2.3: * Bug 1057161 - NSS hangs with 100% CPU on invalid EC key * Bug 1036735 - Add support for draft-ietf-tls-downgrade-scsv The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.3_release_notes The HG tag is NSS_3_16_2_3_RTM. NSS 3.16.2.3 requires NSPR 4.10.6 or newer. NSS 3.16.2.3 source distributions are also available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_3_RTM/src/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
