The NSS team has released Network Security Services (NSS) 3.27, which is a minor release.
Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. New functionality: * Allow custom named group priorities for TLS key exchange handshake (SSL_NamedGroupConfig). * Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3 New Functions: * SSL_NamedGroupConfig Notable Changes: * NPN can not be enabled anymore. * Hard limits on the maximum number of TLS records encrypted with the same key are enforced. * Disabled renegotiation in DTLS. * The following CA certificates were Removed - CN = IGC/A, O = PM/SGDN, OU = DCSSI - CN = Juur-SK, O = AS Sertifitseerimiskeskus - CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı - CN = S-TRUST Authentication and Encryption Root CA 2005:PN - O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority - O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2 - O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority - O = Equifax, OU = Equifax Secure Certificate Authority - CN = Equifax Secure eBusiness CA-1 - CN = Equifax Secure Global eBusiness CA-1 The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes The HG tag is NSS_3_27_RTM. NSS 3.27 requires NSPR 4.13 or newer. NSS 3.27 source distributions are available for secure download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.27 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto