The NSS team has released Network Security Services (NSS) 3.19, which is a minor release.
New functionality: * For some certificates, such as root CA certificates, that don't embed any constraints, NSS might impose additional constraints, such as name constraints. A new API has been added that allows to lookup imposed constraints. * It is possible to override the directory in which the NSS build system will look for the sqlite library. New Functions: * CERT_GetImposedNameConstraints Notable Changes: * The SSL 3 protocol has been disabled by default. * NSS now more strictly validates TLS extensions and will fail a handshake that contains malformed extensions. * Fixed a bug related to the ordering of TLS handshake messages. * In TLS 1.2 handshakes, NSS advertises support for the SHA512 hash algorithm, in order to be compatible with TLS servers that use certificates with a SHA512 signature. The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes The HG tag is NSS_3_19_RTM. NSS 3.19 requires NSPR 4.10.8 or newer. NSS 3.19 source distributions are also available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19&product=NSS -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
