Re: DarkMatter CA

2019-02-27 Thread Kai Engert
On 20.02.19 21:36, Leonardo Porpora via dev-tech-crypto wrote:
> I have read about the possibility that you add DarkMatter's CA in 
> Firefox. I really hope that it will not happen as it will write the end of 
> privacy and human rights. I don't know if this is the right email to write 
> to, please forgive me if it is not. (In that case could you give me an email or 
> place where I can discuss it?)

Hello Leonardo,

the best place to discuss CA inclusion topics is Mozilla's
dev-security-policy mailing list. I see this specific topic is actively
being discussed, see the list archives.

https://lists.mozilla.org/listinfo/dev-security-policy

Regards
Kai
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.41.1 Release

2019-01-29 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.41.1,
which is a patch release for NSS 3.41.

It fixes the following bugs:
* Bug 1507135 and Bug 1507174 - Add additional null checks to
  several CMS functions to fix a rare CMS crash.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes

The HG tag is NSS_3_41_1_RTM. NSS 3.41.1 requires NSPR 4.20 or newer.

NSS 3.41.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_41_1_RTM/src/


Re: Debug info on NSS tools

2019-01-04 Thread Kai Engert
Does this page help?
You might need a debug build (i.e. build yourself with debugging enabled).

https://wiki.mozilla.org/NSS:Tracing

Kai

On 03.01.19 13:51, John Jiang wrote:
> Just tried it, but it did not seem to work.
> 
> $ export SSLDEBUG=1
> $ export SSLTRACE=127
> $ tstclnt -v ...
> I didn't get more logs.


Re: S/MIME X509 certificate requirements for Thunderbird 60.x

2018-11-27 Thread Kai Engert
On 23.11.18 12:58, Martin Büchler wrote:
> That is exactly what I am looking for: Where are the certificate requirements 
> specified other than in TB source code? I then would like to instruct our PKI 
> to add/change missing extensions, fields, or anticipated X500 name formats. 

I agree it would be useful to have this kind of documentation, like a
wiki page.

In your case, your certificate is apparently missing the
  "Certificate Basic Constraints"
extension, which makes it clear if a certificate is a CA, or not a CA.

Could you try adding it? (With CA: false)

I think NSS is unwilling to accept certificates without that statement,
as in the past a missing extension was used to trick software into
assuming a certificate could be used as a CA.

BTW, you aren't subscribed to this list, which causes your messages to
get stuck in the moderation queue, until someone reviews that queue. I
didn't see your message until today.

Kai


S/MIME X509 certificate requirements for Thunderbird 60.x

2018-11-23 Thread Kai Engert
On 22.11.18 17:38, mbch...@gmail.com wrote:
> Now, I want to import a certificate, originally created by our company PKI as 
> SSL-Client certificate for use with Cisco Anyconnect VPN clients.
> 
> I realized that it differs in its DN format, misses explicit mail 
> signing/encryption flags and has additional subject alternative names. 
> 
> Two of my company email addresses are contained as 
> 
>   1. "Subject: CN = @" 
>   2. "X509v3 Subject Alternative Name: DNS:vpn., 
> email:@
> 
> I was trying to figure out why Thunderbird refuses to accept this cert for 
> use with either

How did you learn that TB refused it?

In account settings, security tab (not openpgp security tab), if you
click a select button, does TB offer you to use that certificate?

If it isn't offered, your certificate doesn't have the properties that
TB expects. It would be helpful to see a full dump of the properties of
your certificate. Does it include a certificate key usage extension that
allows both digital signature and data encipherment?

Kai
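
Both replies in this thread (the one about the Basic Constraints extension and this one about key usage) come down to the same checklist for an S/MIME end-entity certificate. The script below is an added example, not Thunderbird's or NSS's own selection logic: it uses openssl to generate a certificate carrying basicConstraints CA:FALSE, keyUsage digitalSignature plus keyEncipherment (the key usage bit RSA key transport relies on for S/MIME encryption), extendedKeyUsage emailProtection and an email subject alternative name, next to a VPN-client style certificate shaped like the one described in the question, and prints which of those properties each one lacks. The address user@example.com, the name vpn.example.com, the self-signing and the function names are constructed for the example; the exact set of extensions Thunderbird 60 requires is not documented on this page, so the checklist is the thread's working assumption, not a specification.

```shell
#!/bin/sh
# Added example: an S/MIME end-entity certificate with the extensions the
# thread discusses, beside a VPN-client style certificate that lacks them,
# and a checker that reports which are missing. Names are constructed.

# write_req_config DIR EMAIL: minimal openssl config with two extension profiles.
write_req_config() {
  cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $2
[smime_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = emailProtection
subjectAltName = email:$2
[vpn_ext]
extendedKeyUsage = clientAuth
subjectAltName = DNS:vpn.example.com,email:$2
EOF
}

# make_cert DIR EMAIL SECTION NAME: self-signed certificate using extension
# SECTION (a company PKI would apply the same section when signing a CSR).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/req.cnf" -extensions "$3" \
    -keyout "$1/$4.key" -out "$1/$4.pem" 2>/dev/null
}

# check_smime_cert CERT: prints "ok", or "missing:" followed by the absent
# properties, based on the text dump openssl produces for the certificate.
check_smime_cert() {
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  missing=""
  printf '%s\n' "$text" | grep -q 'CA:FALSE'          || missing="$missing basicConstraints(CA:FALSE)"
  printf '%s\n' "$text" | grep -q 'Digital Signature' || missing="$missing keyUsage:digitalSignature"
  printf '%s\n' "$text" | grep -q 'Key Encipherment'  || missing="$missing keyUsage:keyEncipherment"
  printf '%s\n' "$text" | grep -q 'E-mail Protection' || missing="$missing extendedKeyUsage:emailProtection"
  printf '%s\n' "$text" | grep -q 'email:'            || missing="$missing subjectAltName:email"
  if [ -z "$missing" ]; then echo ok; else echo "missing:$missing"; fi
}

# Stand-alone run: build both certificates in a temporary directory and
# report on each of them.
if command -v openssl >/dev/null 2>&1; then
  tmp=$(mktemp -d)
  write_req_config "$tmp" user@example.com
  make_cert "$tmp" user@example.com smime_ext smime
  make_cert "$tmp" user@example.com vpn_ext vpn
  echo "smime cert: $(check_smime_cert "$tmp/smime.pem")"
  echo "vpn cert:   $(check_smime_cert "$tmp/vpn.pem")"
  rm -rf "$tmp"
fi
```

Run it against a certificate exported from the company PKI (`check_smime_cert mycert.pem`) to get the list of extensions to ask the PKI team to add; the VPN-style certificate in the example reports the basic constraints, key usage and email-protection EKU as missing, which matches the symptoms described in the thread.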


[ANNOUNCE] NSS 3.36.5 Release

2018-08-31 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36.5,
which is a patch release for NSS 3.36.

It fixes the following bug:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes

The HG tag is NSS_3_36_5_RTM. NSS 3.36.5 requires NSPR 4.19 or newer.

NSS 3.36.5 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_36_5_RTM/src/


[ANNOUNCE] NSS 3.39 Release

2018-08-31 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.39,
which is a minor release.

Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

New functionality:
* The tstclnt and selfserv utilities added support for configuring
  the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
  these keys is disabled by default but can be enabled using
  SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
  an NSS key database.
* Added the nss-policy-check utility, which can be used to check
  an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

Notable changes:
* The TLS 1.3 implementation uses the final version number from
  RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
  where the DigestInfo structure was missing the NULL parameter.
  Starting with version 3.39, NSS requires the encoding to contain
  the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
  parameter, as support for TLS compression was removed in a
  previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
  - OU = GlobalSign Root CA - R6
  - CN = OISTE WISeKey Global Root GC CA
  The following CA certificate was Removed:
  - CN = ComSign
  The following CA certificates had the Websites trust bit disabled:
  - CN = Certplus Root CA G1
  - CN = Certplus Root CA G2
  - CN = OpenTrust Root CA G1
  - CN = OpenTrust Root CA G2
  - CN = OpenTrust Root CA G3

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes

The HG tag is NSS_3_39_RTM. NSS 3.39 requires NSPR 4.20 or newer.

NSS 3.39 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_39_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.39
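
The NSS 3.39 change to RSA PKCS#1 v1.5 signature verification listed above concerns one DER detail: whether the AlgorithmIdentifier inside DigestInfo carries the explicit NULL parameter. The script below is an added example, not part of the announcement or of NSS; it builds both encodings of a SHA-256 DigestInfo (using the well-known SHA-256 of the empty string as the hash value), classifies them the way a strict verifier does, and decodes them with `openssl asn1parse` when openssl is installed. Nothing here signs or verifies anything; it only shows the two byte layouts so you can recognise which one a signer produced. The function names are mine; the OID and hash constant are standard values.

```shell
#!/bin/sh
# Added example: DigestInfo encodings with and without the AlgorithmIdentifier
# NULL parameter. Constants are the sha256 OID and SHA-256("").
SHA256_OID="0609608648016503040201"   # OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
EMPTY_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# hex_len HEX: DER short-form length byte (content must be shorter than 128 bytes)
hex_len() { printf '%02x' $(( ${#1} / 2 )); }

# der_seq CONTENT_HEX: wrap content in a SEQUENCE
der_seq() { printf '30%s%s' "$(hex_len "$1")" "$1"; }

# digestinfo_sha256 with_null|without_null HASH_HEX
#   DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
digestinfo_sha256() {
  case "$1" in
    with_null)    algid=$(der_seq "${SHA256_OID}0500") ;;   # parameters = NULL
    without_null) algid=$(der_seq "$SHA256_OID") ;;         # parameters absent
    *) echo "usage: digestinfo_sha256 with_null|without_null HASH_HEX" >&2; return 2 ;;
  esac
  der_seq "${algid}0420$2"                                  # OCTET STRING, 32 bytes
}

# has_null_param DIGESTINFO_HEX: prints yes or no; NSS 3.39 accepts only "yes".
has_null_param() {
  inner_len=$(( 0x$(printf '%s' "$1" | cut -c7-8) ))   # length byte of inner SEQUENCE
  inner=$(printf '%s' "$1" | cut -c9-$(( 8 + inner_len * 2 )))
  case "$inner" in
    "${SHA256_OID}0500") echo yes ;;
    "$SHA256_OID")       echo no ;;
    *) echo "unexpected AlgorithmIdentifier: $inner" >&2; return 1 ;;
  esac
}

# hex_to_bin HEX: emit raw bytes via octal escapes (portable across sh printf)
hex_to_bin() {
  for b in $(printf '%s' "$1" | sed 's/../& /g'); do
    printf "\\$(printf '%03o' "0x$b")"
  done
}

# show_digestinfo HEX: decode with openssl when available, otherwise print hex
show_digestinfo() {
  if command -v openssl >/dev/null 2>&1; then
    hex_to_bin "$1" | openssl asn1parse -inform DER -i
  else
    printf '%s\n' "$1"
  fi
}

strict=$(digestinfo_sha256 with_null "$EMPTY_SHA256")
lax=$(digestinfo_sha256 without_null "$EMPTY_SHA256")
echo "accepted by NSS 3.39 (NULL present: $(has_null_param "$strict")):"
show_digestinfo "$strict"
echo "rejected by NSS 3.39 (NULL present: $(has_null_param "$lax")):"
show_digestinfo "$lax"
```

The two encodings differ only in the inner SEQUENCE (`30 0d ... 05 00` versus `30 0b ...`) and consequently in the outer length (`31` versus `2f`). A verifier that reconstructs the expected encoding and compares it byte for byte has to pick one form; accepting both gives a signer two valid encodings of the same hash, which is why the change is listed as a compatibility-relevant tightening rather than a cosmetic one.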


Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Kai Engert
On 14.05.2018 13:24, Kai Engert wrote:
> On 14.05.2018 11:11, Kurt Roeckx wrote:
>> On 2018-05-08 22:49, Kai Engert wrote:
>>> Notable changes:
>>> * The TLS 1.3 implementation was updated to Draft 28.
>>
>> I find it unfortunate that you update the draft version to 28 and did
>> not keep it at 26 like some other implementations, since the protocol
>> did not change since draft 26. This makes it harder to actually test
>> things.
> 
> Are there relevant technical changes between 26 and 28 ?
> 
> See https://bugzilla.mozilla.org/show_bug.cgi?id=1446643#c4 in which EKR
> suggests (IIUC) that there are no changes between 26 and 28.

I meant, no technical changes for NSS are required between 26 and 28, if
I understand EKR's comment correctly.

Kai


Re: [ANNOUNCE] NSS 3.37 Release

2018-05-14 Thread Kai Engert
On 14.05.2018 11:11, Kurt Roeckx wrote:
> On 2018-05-08 22:49, Kai Engert wrote:
>> Notable changes:
>> * The TLS 1.3 implementation was updated to Draft 28.
> 
> I find it unfortunate that you update the draft version to 28 and did
> not keep it at 26 like some other implementations, since the protocol
> did not change since draft 26. This makes it harder to actually test
> things.

Are there relevant technical changes between 26 and 28 ?

See https://bugzilla.mozilla.org/show_bug.cgi?id=1446643#c4 in which EKR
suggests (IIUC) that there are no changes between 26 and 28.

Kai


[ANNOUNCE] NSS 3.37 Release

2018-05-08 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.37,
which is a minor release.

Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
  select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
  getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
  following CA certificates:
  - CN = S-TRUST Universal Root CA
  - CN = TC TrustCenter Class 3 CA II
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.37_release_notes

The HG tag is NSS_3_37_RTM. NSS 3.37 requires NSPR 4.19 or newer.

NSS 3.37 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_37_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.37

[ANNOUNCE] NSS 3.36.1 Release

2018-04-09 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36.1,
which is a patch release to fix regression bugs.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes

The HG tag is NSS_3_36_1_RTM. NSS 3.36.1 requires NSPR 4.19 or newer.

NSS 3.36.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_36_1_RTM/src/


[ANNOUNCE] NSS 3.36 Release

2018-03-07 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.

Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
  HACL* implementation.
- Experimental APIs for TLS session cache handling.

The release also includes several regression and correctness fixes.

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36_release_notes

The HG tag is NSS_3_36_RTM. NSS 3.36 requires NSPR 4.19 or newer.

NSS 3.36 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_36_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.36


[ANNOUNCE] NSS 3.35 Release

2018-01-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.

Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
  using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
  additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
  and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
  higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.35_release_notes

The HG tag is NSS_3_35_RTM. NSS 3.35 requires NSPR 4.18 or newer.

NSS 3.35 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_35_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.35


[ANNOUNCE] NSS 3.34.1 Release

2017-11-23 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.34.1,
which is a patch release to update the list of root CA certificates.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.34.1_release_notes

The HG tag is NSS_3_34_1_RTM. NSS 3.34.1 requires NSPR 4.17 or newer.

NSS 3.34.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_34_1_RTM/src/


Re: Linker error from tstclnt

2017-11-22 Thread Kai Engert
On 10.11.2017 10:16, muni.pra...@gmail.com wrote:
>> USE_STATIC_RTL=1

I haven't seen this symbol before, maybe it's no longer supported.

Does it work if you don't define it?

Kai


Re: JSS Version 4.4

2017-08-30 Thread Kai Engert
Apparently nobody had created/uploaded a release archive for that new version.

You could obtain it by using the HG (mercurial) software, and by using the
release tag. The release notes page you mention refers to tag JSS_4_4_20170313.
I see there are also some newer tags in the JSS code repository, I don't know if
those are official patch releases, or untested snapshots.

Anyway, in order to obtain the code for release tag JSS_4_4_20170313 you could
use instructions like this:

- obtain and install the mercurial/HG software
- run the following commands:

  hg clone https://hg.mozilla.org/projects/jss/
  cd jss
  hg archive --prefix jss-4.4-20170313 \
 -r JSS_4_4_20170313 ../jss-4.4-20170313.tar.gz

If you need the .jar file, which had apparently been distributed for previous
releases, it looks like you'd have to build it yourself.

Kai



On Tue, 2017-08-29 at 21:35 +, Clark, Benjamin wrote:
> Hello,
> 
> I am trying to locate the most current JSS version. I believe it is version
> 4.4 but the Mozilla release notes page
> (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/JSS_4.4.0_Release_Notes)
> identifies a location for the source tarballs which doesn't exist
> (https://ftp.mozilla.org/pub/mozilla.org/security/jss/releases/JSS_4_4_0_RTM/src/).
> There are no directories under the "releases" location newer than 4.3.
> 
> I use JSS 4.3 currently but need to start using JSS/NSS with TLS 1.2 which
> requires the 4.4 JSS upgrade. Can anyone point me to where the Mozilla
> community version of JSS 4.4 is available?
> 
> Thanks, Ben


[ANNOUNCE] NSS 3.32 Release

2017-07-27 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.32,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes

Notable Changes:

* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
  certificates:
  - CN = AddTrust Class 1 CA Root
  - CN = Swisscom Root CA 2
* The following CA certificates were Removed:
  - CN = AddTrust Public CA Root
  - CN = AddTrust Qualified CA Root
  - CN = China Internet Network Information Center EV Certificates Root
  - CN = CNNIC ROOT
  - CN = ComSign Secured CA
  - CN = GeoTrust Global CA 2
  - CN = Secure Certificate Services
  - CN = Swisscom Root CA 1
  - CN = Swisscom Root EV CA 2
  - CN = Trusted Certificate Services
  - CN = UTN-USERFirst-Hardware
  - CN = UTN-USERFirst-Object

The HG tag is NSS_3_32_RTM. NSS 3.32 requires NSPR 4.16 or newer.

NSS 3.32 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_32_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.32


Can we deprecate NSS signtool?

2017-07-03 Thread Kai Engert
The NSS utility "signtool" is hardcoded to use SHA1 when creating a digital
signature.

As I've described in this bug:
  https://bugzilla.mozilla.org/show_bug.cgi?id=1345528
it might be complicated to change the default to a more secure hash algorithm in
a compatible way.

I wonder who still depends on signtool. If you know, could you please give
feedback?

I see that OpenJDK ships its own tool, jarsigner.

Mozilla appears to use different tools to sign the Firefox addons in XPI file
format, using python. Franziskus pointed me to:
  https://github.com/mozilla-services/autograph/pull/46

Can we declare signtool as deprecated?

Thanks
Kai


[ANNOUNCE] NSS 3.31 Release

2017-06-12 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.31,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes

New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
  status in a thread safe way.

New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
  certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
  certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
  URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
  information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.

New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
  in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
  in RFC7512.

Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
  range to the overlap with a systemwide crypto policy, if configured.
  SSL_VersionRangeGetSupported can be used to query the overlap between the
  library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
  failure if the requested version range wasn't fully allowed by the systemwide
  crypto policy. They have been changed to return success, if at least one TLS
  version overlaps between the requested range and the systemwide policy. An
  application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
  query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
  certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
  /dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
  time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.

The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.

NSS 3.31 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_31_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.31

[ANNOUNCE] NSS 3.28.5 Release

2017-04-21 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.5,
which is a patch release to update the list of root CA certificates.

These are backported changes, which are equivalent to the changes that
have been recently released with NSS 3.30.2.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA 
- CN = WellsSecure Public Root Certificate Authority 
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root 
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013 
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.5_release_notes

The HG tag is NSS_3_28_5_RTM. NSS 3.28.5 requires NSPR 4.13.1 or newer.

NSS 3.28.5 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_5_RTM/src/

[ANNOUNCE] NSS 3.30.2 Release

2017-04-20 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA 
- CN = WellsSecure Public Root Certificate Authority 
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root 
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013 
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.2_release_notes

The HG tag is NSS_3_30_2_RTM. NSS 3.30.2 requires NSPR 4.14 or newer.

NSS 3.30.2 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_2_RTM/src/

[ANNOUNCE] NSS 3.21.4 and 3.28.4 and 3.29.5 and 3.30.1 Releases

2017-04-20 Thread Kai Engert
The NSS Development Team announces multiple security patch releases:

* NSS 3.21.4 for NSS 3.21
* NSS 3.28.4 for NSS 3.28
* NSS 3.29.5 for NSS 3.29
* NSS 3.30.1 for NSS 3.30

No new functionality is introduced in these releases.

The following security fixes are included. Users are encouraged to upgrade
immediately.

In NSS 3.21.4, 3.28.4, 3.29.5 and 3.30.1:
* Bug 1344380 / CVE-2017-5461 - Out-of-bounds write in Base64 encoding in NSS

In NSS 3.21.4, NSS 3.28.4 and 3.29.5:
* Bug 1345089 / CVE-2017-5462 - DRBG flaw in NSS

In NSS 3.28.4 an additional crash fix was included.

NSS source distributions are available on ftp.mozilla.org for secure HTTPS
download.

NSS 3.21.4 requires NSPR 4.12 or newer. The HG tag is NSS_3_21_4_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_21_4_RTM/src/

NSS 3.28.4 requires NSPR 4.13.1 or newer. The HG tag is NSS_3_28_4_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_4_RTM/src/

NSS 3.29.5 requires NSPR 4.13.1 or newer. The HG tag is NSS_3_29_5_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_29_5_RTM/src/

NSS 3.30.1 requires NSPR 4.14 or newer. The HG tag is NSS_3_30_1_RTM.
The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
Download: https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_1_RTM/src/


Re: How can i list Builtin Root ACs ?

2017-02-21 Thread Kai Engert
On Tue, 2017-02-21 at 06:40 -0800, Abdelhak Brrem wrote:
> Does anyone knows how to list the builtin root ACs stored in the nssckbi.dll
> file ?.

If you're asking about certutil, you can use the "-h all" parameter to list
certificates from all tokens.

But by default certutil doesn't load nssckbi.dll

You can create a new database using "certutil -N", then use modutil to add the
nssckbi.dll as a module to your database, then "certutil -L -h all" should work.

Kai
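
The three-step procedure in the reply above, written out as a shell script; this is an added example, not part of the list message or of NSS. It creates a throwaway SQL-format database, registers the builtin roots module with modutil, and lists only the certificates that come from that module. The library paths it probes are assumptions for common Linux distributions; adjust find_nssckbi for your platform (on Windows the module is nssckbi.dll next to the other NSS DLLs). The function names and the "Builtin Roots" module nickname are mine.

```shell
#!/bin/sh
# Added example: list the root CAs compiled into the NSS builtin module
# (nssckbi) with certutil. A fresh database does not load nssckbi on its
# own, so the module is registered with modutil first.

# find_nssckbi: print the first builtin-roots library found (assumed paths).
find_nssckbi() {
  for f in /usr/lib64/libnssckbi.so /usr/lib/libnssckbi.so \
           /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so \
           /usr/lib/x86_64-linux-gnu/libnssckbi.so \
           /usr/lib/aarch64-linux-gnu/nss/libnssckbi.so; do
    [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
  done
  return 1
}

# list_builtin_roots DBDIR: create an empty SQL-format database, load nssckbi,
# list certificates from all tokens and keep only the builtin ones.
# Output lines look like "Builtin Object Token:<nickname>  <SSL>,<email>,<objsign>".
list_builtin_roots() {
  dbdir=$1
  lib=$(find_nssckbi) || { echo "libnssckbi.so not found" >&2; return 1; }
  certutil -N -d "sql:$dbdir" --empty-password
  modutil -dbdir "sql:$dbdir" -add "Builtin Roots" -libfile "$lib" -force >/dev/null
  certutil -L -d "sql:$dbdir" -h all | grep '^Builtin Object Token:'
}

# count_builtin_roots DBDIR: number of builtin root certificates.
count_builtin_roots() { list_builtin_roots "$1" | wc -l | tr -d ' '; }

# Stand-alone run: list the roots from a temporary database, then discard it.
if command -v certutil >/dev/null 2>&1 && command -v modutil >/dev/null 2>&1; then
  tmp=$(mktemp -d)
  list_builtin_roots "$tmp"
  echo "total: $(count_builtin_roots "$tmp")"
  rm -rf "$tmp"
else
  echo "certutil/modutil not installed (NSS tools package)" >&2
fi
```

The trust column certutil prints gives the trust bits in the order Websites (SSL), Email, Code Signing; after NSS 3.32 turned the Code Signing bit off for all roots, entries read like `C,C,` rather than `C,C,C`. Comparing this listing before and after an NSS upgrade is a quick way to see the effect of the CA list updates announced on this page.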


[ANNOUNCE] NSS 3.28.3 Release

2017-02-17 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.3

No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.

NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation
of the NSS compatibility promise.

ECParams, which is part of the public API of the freebl/softokn parts of NSS,
had been changed to include an additional attribute. That size increase caused
crashes or malfunctioning with applications that use that data structure
directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey,
NSSLOWKEYPrivateKey, or potentially other data structures that reference
ECParams. The change has been reverted to the original state in bug 1334108.

SECKEYECPublicKey had been extended with a new attribute, named "encoding". If
an application passed type SECKEYECPublicKey to NSS (as part of
SECKEYPublicKey), the NSS library read the uninitialized attribute. With this
NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the
attribute, and will always set it to ECPoint_Undefined. See bug 1340103.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.3_release_notes

The HG tag is NSS_3_28_3_RTM. NSS 3.28.3 requires NSPR 4.13.1 or newer.

NSS 3.28.3 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_28_3_RTM/src/


[ANNOUNCE] NSS 3.29.1 Release

2017-02-17 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.29.1

No new functionality is introduced in this release.
This is a patch release to fix binary compatibility issues.

NSS version 3.28, 3.28.1, 3.28.2 and 3.29 contained changes that were in
violation of the NSS compatibility promise.

ECParams, which is part of the public API of the freebl/softokn parts of NSS,
had been changed to include an additional attribute. That size increase caused
crashes or malfunctioning with applications that use that data structure
directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey,
NSSLOWKEYPrivateKey, or potentially other data structures that reference
ECParams. The change has been reverted to the original state in bug 1334108.

SECKEYECPublicKey had been extended with a new attribute, named "encoding". If
an application passed type SECKEYECPublicKey to NSS (as part of
SECKEYPublicKey), the NSS library read the uninitialized attribute. With this
NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the
attribute, and will always set it to ECPoint_Undefined. See bug 1340103.

(Note that NSS 3.28.3 from the older NSS 3.28.x branch has also been released
 with the identical fixes.)

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.1_release_notes

The HG tag is NSS_3_29_1_RTM. NSS 3.29.1 requires NSPR 4.13.1 or newer.

NSS 3.29.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_29_1_RTM/src/

NSS 3.28 and Mozilla code version 50 or older, HTTP/2 failures

2017-01-19 Thread Kai Engert
HTTP/2 code in Firefox versions between 32 and 50 (inclusive)
contains a bug which enforces an incorrect minimum key size for ECDH
of 256 bits.  This bug is fixed in Firefox 51 (see
).

NSS 3.28 introduces a new ECDH key exchange with a key size of 255
bits, which - if negotiated - will cause versions Firefox 32 through
50 to incorrectly reject the connection.

If you intend to use NSS 3.28 with Firefox 50 or older, you should
apply the patch used for Firefox 51:
  This patch
has recently been added to the Firefox 45 ESR branch.

This issue affects all software that uses the gecko platform.


Thanks to Martin Thomson for helping with this text.
Kai


[ANNOUNCE] NSS 3.28.1 Release

2017-01-04 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

No new functionality is introduced in this release. This is a patch release to
update the list of root CA certificates and address a minor TLS compatibility
issue that some applications experienced with NSS 3.28.

Notable Changes:
* The following CA certificates were Removed
- CN = Buypass Class 2 CA 1
- CN = Root CA Generalitat Valenciana
- OU = RSA Security 2048 V3
* The following CA certificates were Added
- OU = AC RAIZ FNMT-RCM
- CN = Amazon Root CA 1
- CN = Amazon Root CA 2
- CN = Amazon Root CA 3
- CN = Amazon Root CA 4
- CN = LuxTrust Global Root 2
- CN = Symantec Class 1 Public Primary Certification Authority - G4
- CN = Symantec Class 1 Public Primary Certification Authority - G6
- CN = Symantec Class 2 Public Primary Certification Authority - G4
- CN = Symantec Class 2 Public Primary Certification Authority - G6
* The version number of the updated root CA list has been set to 2.11
* A misleading assertion/alert has been removed when NSS tries to flush data
  to the peer but the connection was already reset.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.1_release_notes

The HG tag is NSS_3_28_1_RTM. NSS 3.28.1 requires NSPR 4.13.1 or newer.

NSS 3.28.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.28.1


[ANNOUNCE] NSS 3.28 Release

2016-12-22 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes


Request to test and prepare for TLS 1.3 (draft):


To prepare for a change of default build options, which is planned for
the future NSS 3.29 release, we'd like to encourage all users of NSS 3.28
to override the standard NSS build configuration to enable support for
(draft) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time.
We'd like to ask you to please give feedback to the NSS developers for any
compatibility issues that you might encounter in your tests.

For providing feedback, you may send a message to this mailing list, see:
  https://lists.mozilla.org/listinfo/dev-tech-crypto
or please report a bug here:
  https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS


New functionality:
==
* NSS includes support for TLS 1.3 draft -18. This includes a number of
  improvements to TLS 1.3:
  - The signed certificate timestamp, used in certificate transparency,
    is supported in TLS 1.3.
  - Key exporters for TLS 1.3 are supported. This includes the early key
    exporter, which can be used if 0-RTT is enabled. Note that there is a
    difference between TLS 1.3 and key exporters in older versions of TLS.
    TLS 1.3 does not distinguish between an empty context and no context.
  - The TLS 1.3 (draft) protocol can be enabled, by defining
    NSS_ENABLE_TLS_1_3=1 when building NSS.
* NSS includes support for the X25519 key exchange algorithm, which is
  supported and enabled by default in all versions of TLS.

New Functions:
==
* SSL_ExportEarlyKeyingMaterial
* SSL_SendAdditionalKeyShares
* SSL_SignatureSchemePrefSet
* SSL_SignatureSchemePrefGet

Notable Changes:

* NSS can no longer be compiled with support for additional elliptic curves.
  This was previously possible by replacing certain NSS source files.
* NSS will now detect the presence of tokens that support additional
  elliptic curves and enable those curves for use in TLS.
  Note that this detection has a one-off performance cost, which can be
  avoided by using the SSL_NamedGroupConfig function to limit supported
  groups to those that NSS provides.
* PKCS#11 bypass for TLS is no longer supported and has been removed.
* Support for "export" grade SSL/TLS cipher suites has been removed.
* NSS now uses the signature schemes definition in TLS 1.3.
  This also affects TLS 1.2. NSS will now only generate signatures with the
  combinations of hash and signature scheme that are defined in TLS 1.3,
  even when negotiating TLS 1.2.
  - This means that SHA-256 will only be used with P-256 ECDSA certificates,
    SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
    SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
    compatibility reasons.
  - New functions to configure signature schemes are provided:
    SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet.
    The old SSL_SignaturePrefSet and SSL_SignaturePrefSet functions are
    now deprecated.
  - NSS will now no longer assume that default signature schemes are 
    supported by a peer if there was no commonly supported signature scheme.
* NSS will now check if RSA-PSS signing is supported by the token that holds
  the private key prior to using it for TLS.
* The certificate validation code contains checks to no longer trust
  certificates that are issued by old WoSign and StartCom CAs after 
  October 21, 2016. This is equivalent to the behavior that Mozilla will
  release with Firefox 51.
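
The hash/curve pairing and the end of the default-scheme fallback (the two items under "NSS now uses the signature schemes definition in TLS 1.3" above), worked through as an added Python example that is not NSS code. The curve names, the legacy_mixing switch and the outcome strings are my own assumptions; the code points are the IANA SignatureScheme values from RFC 8446.

```python
"""Signature scheme selection following the NSS 3.28 rules described above.

Added example, not NSS code: NSS 3.28 signs only with the hash/curve pairs
that TLS 1.3 defines, even when TLS 1.2 is negotiated, and no longer falls
back to an assumed default when it shares no scheme with the peer.
"""
from typing import Optional, Sequence, Tuple

# IANA SignatureScheme code points (RFC 8446, section 4.2.3).
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
ECDSA_SHA1 = 0x0203  # legacy, permitted in TLS 1.2 only

TLS_1_2 = 0x0303
TLS_1_3 = 0x0304

# Each curve pairs with exactly one hash (assumed curve names).
CURVE_TO_SCHEME = {
    "P-256": ECDSA_SECP256R1_SHA256,
    "P-384": ECDSA_SECP384R1_SHA384,
    "P-521": ECDSA_SECP521R1_SHA512,
}
SHA2_ECDSA_SCHEMES = list(CURVE_TO_SCHEME.values())


def local_schemes(curve: str, version: int, legacy_mixing: bool = False) -> list:
    """Schemes this side is willing to sign with, in preference order.

    legacy_mixing=False is the NSS 3.28 rule: one SHA-2 scheme per curve, plus
    ecdsa_sha1 only under TLS 1.2.  legacy_mixing=True illustrates the earlier
    TLS 1.2 behaviour the announcement contrasts with, where any SHA-2 hash
    could be paired with any curve.
    """
    if curve not in CURVE_TO_SCHEME:
        raise ValueError(f"unsupported curve {curve!r}")
    schemes = list(SHA2_ECDSA_SCHEMES) if legacy_mixing else [CURVE_TO_SCHEME[curve]]
    if version == TLS_1_2:
        schemes.append(ECDSA_SHA1)
    return schemes


def choose_scheme(local: Sequence[int], peer_offered: Sequence[int]) -> Optional[int]:
    """First local scheme the peer also advertised, or None if none is common.

    Returning None (instead of guessing a default) is the 3.28 behaviour.
    """
    for scheme in local:
        if scheme in peer_offered:
            return scheme
    return None


def handshake_signature(curve: str, version: int, peer_offered: Sequence[int],
                        legacy_mixing: bool = False) -> Tuple[str, Optional[int]]:
    """Outcome of scheme negotiation before signing CertificateVerify.

    Returns ("ok", scheme) or ("no_common_scheme", None).  Under the 3.28 rule
    a P-384 certificate facing a peer that lists only ecdsa_secp256r1_sha256
    fails here, cleanly, instead of producing a SHA-256 signature over P-384.
    """
    scheme = choose_scheme(local_schemes(curve, version, legacy_mixing), peer_offered)
    if scheme is None:
        return ("no_common_scheme", None)
    return ("ok", scheme)
```

The practical consequence for operators: the certificate's curve must match a scheme the peer advertises, since NSS 3.28 will not paper over the gap.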


The HG tag is NSS_3_28_RTM. NSS 3.28 requires NSPR 4.13.1 or newer.

NSS 3.28 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_28_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.28


Re: NSS and NSPR compilation error: ssl3con.c:36:18: fatal error: zlib.h: No such file

2016-10-20 Thread Kai Engert
On Thu, 2016-10-20 at 10:13 +, Ding Yangliang wrote:
> ssl3con.c:36:18: fatal error: zlib.h: no such file or directory

zlib.h is a file that should be provided by your development environment.

I don't know what package on Ubuntu provides that file, but I'm guessing the
name should be similar to zlib-dev.

Kai



[ANNOUNCE] NSS 3.27.1 Release

2016-10-03 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.27.1.

This is a patch release to address a TLS compatibility issue 
that some applications experienced with NSS 3.27.

Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.

Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.

However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.

NSS 3.27.1 once again requires NSS_ENABLE_TLS_1_3 to be set
to enable TLS 1.3 (draft).
( https://bugzilla.mozilla.org/show_bug.cgi?id=1306985 )

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27.1_release_notes

The HG tag is NSS_3_27_1_RTM. NSS 3.27.1 requires NSPR 4.13 or newer.

NSS 3.27.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_1_RTM/src/


Re: [ANNOUNCE] NSS 3.27 Release

2016-10-02 Thread Kai Engert
On Sun, 2016-10-02 at 08:30 +0200, Florian Weimer wrote:
> Is there a compile-time switch to disable the draft protocol
> implementation completely?

Yes, define NSS_DISABLE_TLS_1_3=1 at build time.

Kai



Re: [ANNOUNCE] NSS 3.27 Release

2016-10-01 Thread Kai Engert
On Sun, 2016-10-02 at 01:48 +0200, Kai Engert wrote:
> The maximum TLS version enabled by default has been increased to TLS 1.3

I have been corrected.

The maximum TLS version enabled by default is still TLS 1.2.

However, there are applications that query the list of TLS protocol versions
supported by NSS, and enable all supported versions. For those applications,
updating to NSS 3.27 may result in TLS 1.3 (draft) being enabled.

Kai



Re: [ANNOUNCE] NSS 3.27 Release

2016-10-01 Thread Kai Engert
On Wed, 2016-09-28 at 14:39 +0200, Kai Engert wrote:
> The NSS team has released Network Security Services (NSS) 3.27,
> which is a minor release.
> ...
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_releas_notes


Unfortunately, we had forgotten to mention an important change in NSS 3.27:

  The maximum TLS version enabled by default has been increased to TLS 1.3

This is particularly noteworthy, because we have already received
incompatibility reports.

(For the current status of TLS 1.3, see
 https://tools.ietf.org/html/draft-ietf-tls-tls13-16 )

In general, if a client supports a newer version of TLS, and offers it in the
TLS client_hello message, but the server supports only older versions of TLS,
the server can request to use the older preference with the server_hello
message.

Apparently there are servers that don't follow the above rule, but simply abort
the connection (TLS version intolerance), when receiving a client_hello offering
TLS 1.3, as sent with NSS 3.27 by default, if the application doesn't request a
specific maximum TLS version.

If you experience failure to connect to a server with TLS 1.3 enabled, you
should probably report this intolerance to the operator of the server.

If your client application allows you to configure the maximum TLS version
enabled, you could attempt to configure maximum version TLS 1.2 when connecting
to a broken server.

Consumers of NSS, who'd like to disable the use of TLS 1.3 completely, may do so
by defining symbol NSS_DISABLE_TLS_1_3 when building NSS.

Kai

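The check described in the post above, as an added Python example that is not part of the original message: probe a server twice, once offering TLS 1.3 and once capped at TLS 1.2, and classify the pair of outcomes so that version intolerance can be told apart from a server that is simply unreachable. It uses the final TLS 1.3 of Python's ssl module rather than the 2016 draft, and the host, port and outcome strings are assumptions of this example.

```python
"""Distinguish TLS version intolerance from other connection failures.

Added example, not part of the original post.  probe() performs a real
handshake; classify() is a pure function so the decision logic can be
exercised offline with constructed outcomes.
"""
import socket
import ssl
import sys
from typing import Optional

TIMEOUT = 5.0


def probe(host: str, port: int, max_version: ssl.TLSVersion) -> Optional[str]:
    """Handshake with the client's maximum version capped at `max_version`.

    Returns the negotiated protocol name, or None if the handshake failed.
    Certificate verification stays on: we are diagnosing version handling,
    not bypassing authentication.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = max_version
    try:
        with socket.create_connection((host, port), timeout=TIMEOUT) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def classify(with_13: Optional[str], capped_12: Optional[str]) -> str:
    """Interpret the two probe results.

    with_13:   outcome when the ClientHello offers TLS 1.3
    capped_12: outcome when the client is capped at TLS 1.2
    """
    if with_13 is not None:
        # A conforming server either speaks 1.3 or selects 1.2 from the
        # same ClientHello, so any result here means versions were handled.
        return "ok: negotiated " + with_13
    if capped_12 is not None:
        # Fails only when 1.3 is offered: the intolerance described above.
        # Capping at TLS 1.2 is a per-server workaround, not a default to
        # ship, since it gives up the newer protocol for every connection.
        return "version-intolerant: offering TLS 1.3 aborts; cap at TLS 1.2 and report to the operator"
    return "unreachable: fails regardless of version (not an intolerance issue)"


def diagnose(host: str, port: int = 443) -> str:
    """Run both probes against a live server and classify the result."""
    return classify(
        probe(host, port, ssl.TLSVersion.TLSv1_3),
        probe(host, port, ssl.TLSVersion.TLSv1_2),
    )


if __name__ == "__main__":
    # Assumed default target; pass a hostname to check a specific server.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "example.com"))
```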

[ANNOUNCE] NSS 3.27 Release

2016-09-28 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

New functionality:
* Allow custom named group priorities for TLS key exchange handshake
  (SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3

New Functions:
* SSL_NamedGroupConfig

Notable Changes:
* NPN cannot be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same 
  key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were Removed
- CN = IGC/A, O = PM/SGDN, OU = DCSSI
- CN = Juur-SK, O = AS Sertifitseerimiskeskus
- CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
- CN = S-TRUST Authentication and Encryption Root CA 2005:PN
- O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
- O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
- O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
- O = Equifax, OU = Equifax Secure Certificate Authority
- CN = Equifax Secure eBusiness CA-1
- CN = Equifax Secure Global eBusiness CA-1

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes

The HG tag is NSS_3_27_RTM. NSS 3.27 requires NSPR 4.13 or newer.

NSS 3.27 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.27


[ANNOUNCE] NSS 3.26 Release

2016-08-05 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.26, which is a minor
release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) 
  and 0-RTT
* added support for the System-wide crypto policy available on 
  Fedora Linux, see http://fedoraproject.org/wiki/Changes/CryptoPolicy
* introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of 
  NSS without the libpkix library

Notable Changes:
* The following CA certificate was Added
- CN = ISRG Root X1
* NPN is disabled and ALPN is enabled by default
* the NSS test suite now completes with the experimental TLS 1.3 code enabled
* several test improvements and additions, including a NIST known answer test

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.26_release_notes

The HG tag is NSS_3_26_RTM. NSS 3.26 requires NSPR 4.12 or newer.

NSS 3.26 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_26_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.26


[ANNOUNCE] NSS 3.25 Release

2016-06-23 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2, 
  NSS only supported certificate_verify messages that used the same
  signature hash algorithm as used by the PRF. 
  This limitation has been removed.
* Several functions have been added to the public API of the NSS
  Cryptoki Framework.

New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle

Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
  to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added 
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes

The HG tag is NSS_3_25_RTM. NSS 3.25 requires NSPR 4.12 or newer.

NSS 3.25 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_25_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.25

[ANNOUNCE] NSS 3.24 Release

2016-05-22 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.24, which is 
a minor release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1 
  (no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS 
  server sockets with a certificate and private key. This method should be 
  used in preference to SSL_ConfigSecureServer,
  SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
  SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.

New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate, 
  private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on 
  the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on 
  the stack. See PORTCheapArenaPool.

New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument 
  to SSL_ConfigServerCert.  It contains supplementary information about a 
  certificate, such as the intended type of the certificate, stapled OCSP 
  responses, or signed certificate timestamps (used for certificate 
  transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for 
  temporary arena allocations.

New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the 
  TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only 
  used for session resumption in TLS 1.3.

Notable Changes:
* The following functions have been deprecated (applications should use the 
  new SSL_ConfigServerCert function instead):
  * SSL_SetStapledOCSPResponses
  * SSL_SetSignedCertTimestamps
  * SSL_ConfigSecureServer
  * SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
  value for certificates that might be used for signing rather than key 
  exchange.
* SSLAuthType has been updated to define a larger number of authentication 
  key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been 
  deprecated. Instead, applications should use the newly added attribute 
  authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been 
  added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to 
  actively send a SSL v2 compatible client hello.
  However, the server side implementation of the SSL/TLS protocol continues to 
  support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the 
  environment variable named SSLKEYLOGFILE is set. NSS has been changed to 
  disable this functionality in optimized builds by default. In order to enable 
  the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE 
  must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved.  This includes support for DTLS 1.3.
  Note that TLS 1.3 support is experimental and is not suitable for production
  use.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes

The HG tag is NSS_3_24_RTM. NSS 3.24 requires NSPR 4.12 or newer.

NSS 3.24 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_24_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.24


[ANNOUNCE] NSS 3.19.2.4 Release

2016-03-21 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.4,
which is a security patch release for NSS 3.19.2.

(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)

No new functionality is introduced in this release.

The following security fixes from NSS 3.21 have been backported to NSS 3.19.2.4.
Users are encouraged to upgrade immediately.

* Bug 1185033 / CVE-2016-1979 - Use-after-free during processing of DER
  encoded keys in NSS
* Bug 1209546 / CVE-2016-1978 - Use-after-free in NSS during SSL connections
  in low memory
* Bug 1190248 / CVE-2016-1938 - Errors in mp_div and mp_exptmod cryptographic
  functions in NSS

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.4_release_notes

The HG tag is NSS_3_19_2_4_RTM. NSS 3.19.2.4 requires NSPR 4.10.10 or newer.

NSS 3.19.2.4 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_4_RTM/src/


[ANNOUNCE] NSS 3.22.3 Release

2016-03-14 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.

No new functionality is introduced in this release.

The following bugs have been resolved in NSS 3.22.3

* Bug 1243641 - Increase compatibility of TLS extended master secret,
  don't send an empty TLS extension last in the handshake

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.3_release_notes

The HG tag is NSS_3_22_3_RTM. NSS 3.22.3 requires NSPR 4.12 or newer.

NSS 3.22.3 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_3_RTM/src/


[ANNOUNCE] NSS 3.22.2 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.22.2,
which is a security patch release for NSS 3.22.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.22.2. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

Notable Changes:
* Bug 1247990 - The root CA changes from NSS 3.23 have been backported.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.2_release_notes

The HG tag is NSS_3_22_2_RTM. NSS 3.22.2 requires NSPR 4.12 or newer.

NSS 3.22.2 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_2_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


[ANNOUNCE] NSS 3.21.1 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.21.1,
which is a security patch release for NSS 3.21.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.21.1. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

The HG tag is NSS_3_21_1_RTM. NSS 3.21.1 requires NSPR 4.10.10 or newer.

NSS 3.21.1 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_21_1_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


[ANNOUNCE] NSS 3.23 Release

2016-03-08 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.

The following security-relevant bug has been resolved in NSS 3.23. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  (bug 917571, bug 1227905)
* Experimental-only support for TLS 1.3 1-RTT mode (draft-11).
  This code is not ready for production use.

New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
  anti-downgrade mechanism

Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
  (bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered 
  to improve compatibility of the Extended Master Secret feature
  with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed 
  to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added, 
  which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado 
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado 
- NetLock Uzleti (Class B) Tanusitvanykiado 
- NetLock Expressz (Class C) Tanusitvanykiado 
- VeriSign Class 1 Public PCA – G2 
- VeriSign Class 3 Public PCA 
- VeriSign Class 3 Public PCA – G2 
- CA Disig
* The following CA certificates were Added 
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA 

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes

The HG tag is NSS_3_23_RTM. NSS 3.23 requires NSPR 4.12 or newer.

NSS 3.23 source distributions are available on ftp.mozilla.org for secure HTTPS
download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_23_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.23


[ANNOUNCE] NSS 3.19.2.3 Release

2016-03-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.3,
which is a security patch release for NSS 3.19.2.

(Current users of NSS 3.19.3, NSS 3.19.4 or NSS 3.20.x are advised to update to
NSS 3.21.1, NSS 3.22.2, or a later release.)

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.19.2.3. 
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

The HG tag is NSS_3_19_2_3_RTM. NSS 3.19.2.3 requires NSPR 4.10.10 or newer.

NSS 3.19.2.3 source distributions are available on ftp.mozilla.org for secure
HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_3_RTM/src/

The NSS development team would like to thank security researcher Francis Gabriel
for responsibly disclosing the issue in Bug 1245528.


Re: server-side OCSP stapling

2016-03-02 Thread Kai Engert
On Tue, 2016-03-01 at 17:19 -0800, Robert Relyea wrote:
> IIRC the API to fetch the ocsp response is mostly application code. NSS 
> has a simple http request function that can fetch the request if the 
> application doesn't supply one (which doesn't know about proxies, etc.). 
> You could override the http fetch function, then validate your cert 
> change and squirrel way the OCSP response before you pass it off to NSS. 
> That's probably the simplest way of getting it.
> 
> I think You just need the blob, not the parsed blob.

Adding a few more details:

We don't have a helper function to do everything in a simple
way, you'll have to call a series of functions.

We could consider implementing a new API for that, but for now,
you'll have to do it manually.

Start with CERT_GetOCSPAuthorityInfoAccessLocation() to get the OCSP AIA URL
embedded in the cert.

If you aren't required to use a proxy for the outgoing connection to the
CA's OCSP responder, you can rely on NSS' internal minimal HTTP client.

(If you do need a proxy, you'll have to link a smarter HTTP client into your
server, and use the NSS callback API to override which HTTP client NSS
will use, see SEC_RegisterDefaultHttpClient.)

Then use CERT_GetEncodedOCSPResponseByMethod, probably you should prefer to
use the "GET" method, see the comment in the ocsp.c file for how to use it.

This will give you the encoded OCSP response. I believe you can use the whole
result as input for SSL_SetStapledOCSPResponses().

If your server uses multiple certs (e.g. RSA and ECC), you should do that
twice, once for each cert.

Kai
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
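The two pieces of the procedure above that are pure data handling, shown as an added Python example (not NSS code and not part of the original message): locating the OCSP URL in an AuthorityInfoAccess extension, which is what CERT_GetOCSPAuthorityInfoAccessLocation() does, and encoding a minimal OCSPRequest for the "GET" method that the reply recommends (RFC 6960 Appendix A.1). The issuer name, key bits, serial number, responder URL and AIA extension are all constructed here and are not a real CA; in a real server the fetch itself is left to CERT_GetEncodedOCSPResponseByMethod, and it is the responder's DER response, not this request, that goes to SSL_SetStapledOCSPResponses().

```python
import base64
import hashlib
from urllib.parse import quote, unquote

# Constructed sample inputs (not a real CA, key, or responder).
ISSUER_CN = "Example Test CA"
ISSUER_PUBKEY_BITS = bytes(range(1, 65))      # stand-in for the subjectPublicKey bit string
SERIAL = 0x1234
RESPONDER_URL = "http://ocsp.example.test"    # hypothetical OCSP responder

OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp      1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers 1.3.6.1.5.5.7.48.2
OID_SHA1 = bytes.fromhex("2b0e03021a")              # sha1            1.3.14.3.2.26
OID_CN = bytes.fromhex("550403")                    # commonName      2.5.4.3


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    """DER-encode one tag/length/value element."""
    return bytes([tag]) + _der_len(len(body)) + body


def der_int(n):
    """DER INTEGER for a non-negative integer (0x00 prefix keeps it positive)."""
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)


def read_tlv(buf, pos):
    """Read one DER element at buf[pos]; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def ocsp_url_from_aia(aia_der):
    """What CERT_GetOCSPAuthorityInfoAccessLocation() does: return the first
    id-ad-ocsp AccessDescription whose accessLocation is a URI ([6] IA5String)."""
    tag, seq, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityInfoAccess is not a SEQUENCE")
    pos = 0
    while pos < len(seq):
        _, ad, pos = read_tlv(seq, pos)
        _, method, p = read_tlv(ad, 0)
        loc_tag, loc, _ = read_tlv(ad, p)
        if method == OID_OCSP and loc_tag == 0x86:
            return loc.decode("ascii")
    return None


def build_ocsp_request(issuer_name_der, issuer_key_bits, serial):
    """Minimal OCSPRequest (RFC 6960 4.1.1): one Request with a SHA-1 CertID,
    no nonce, no signature. issuerKeyHash is over the raw key bits only."""
    sha1_algid = tlv(0x30, tlv(0x06, OID_SHA1) + tlv(0x05, b""))
    cert_id = tlv(0x30, sha1_algid
                  + tlv(0x04, hashlib.sha1(issuer_name_der).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key_bits).digest())
                  + der_int(serial))
    request_list = tlv(0x30, tlv(0x30, cert_id))      # SEQUENCE OF Request
    return tlv(0x30, tlv(0x30, request_list))          # OCSPRequest { TBSRequest { requestList } }


def ocsp_get_url(responder_url, request_der):
    """RFC 6960 Appendix A.1: GET {url}/{URL-encoded base64 of the DER request}."""
    b64 = base64.b64encode(request_der).decode("ascii")
    return responder_url.rstrip("/") + "/" + quote(b64, safe="")


def request_from_get_url(responder_url, url):
    """Inverse of ocsp_get_url(), as the responder decodes it."""
    return base64.b64decode(unquote(url[len(responder_url.rstrip("/")) + 1:]))


def get_allowed(url):
    """RFC 5019 2.1.1: use GET only when the whole URL is at most 255 bytes; else POST."""
    return len(url.encode("ascii")) <= 255


def demo():
    # Constructed AIA that lists caIssuers before OCSP, so the lookup must skip an entry.
    aia = tlv(0x30,
              tlv(0x30, tlv(0x06, OID_CA_ISSUERS) + tlv(0x86, b"http://ca.example.test/ca.cer"))
              + tlv(0x30, tlv(0x06, OID_OCSP) + tlv(0x86, RESPONDER_URL.encode("ascii"))))
    # Constructed issuer Name: SEQUENCE { SET { SEQUENCE { commonName OID, UTF8String } } }
    issuer_name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, ISSUER_CN.encode()))))
    url = ocsp_url_from_aia(aia)
    req = build_ocsp_request(issuer_name, ISSUER_PUBKEY_BITS, SERIAL)
    return url, req, ocsp_get_url(url, req)


if __name__ == "__main__":
    url, req, get = demo()
    print(url, len(req), "bytes", get)
```

The `safe=""` in the URL encoding matters: base64 output contains "/" and "+", and an unescaped "/" would be read as a path separator by the responder. A stapled response also has a validity window (thisUpdate/nextUpdate), so whatever fetches it on the server side has to re-run before the staple expires, not once at startup.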

[ANNOUNCE] NSS 3.22.1 Release

2016-02-17 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.22.1

No new functionality is introduced in this release.

Notable Changes:
* NSS has been changed to use the PR_GetEnvSecure function that
  was made available in NSPR 4.12

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes

The HG tag is NSS_3_22_1_RTM. NSS 3.22.1 requires NSPR 4.12 or newer.

NSS 3.22.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_1_RTM/src/


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Why SSL_ENABLE_SERVER_DHE?

2016-02-12 Thread Kai Engert
On Fri, 2016-02-12 at 13:52 -0500, Rob Crittenden wrote:
> Is there a reason that SSL_ENABLE_SERVER_DHE exists? Why not simply not
> enable any DH ciphers?
> 
> I ask because I'm looking to add some DH support and want to know how
> bad an idea it is to always enable this. I can't think of a downside as
> long as the ciphers are disabled server-side. What am I missing?

The usual strategy of NSS is not to enable new features by default, but let the
application decide.

From how I understand your message, you assume that all DH ciphers are disabled
by default? That's not true, NSS enables several of the DH ciphersuites by
default, you could look at the table named cipherSuites in file
lib/ssl/ssl3con.c

If a ciphersuite is enabled, it's enabled for both server and client side
connections.

Because older versions of NSS had already contained client side support for
_DHE_, and as a consequence, applications might already have had those ciphers
enabled, we had decided that upgrading to NSS 3.20 shouldn't come with the
surprise that suddenly more ciphers are enabled on the server side.

By setting socket option SSL_ENABLE_SERVER_DHE to true, you confirm that you
want to enable the server side support for DHE ciphersuites.

You might also want to have a look at the release notes of NSS 3.20, when
SSL/TLS server side support for DHE was added:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes

Kai

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Is there a tool in NSS to validate a website certificate set?

2016-02-12 Thread Kai Engert
On Tue, 2016-02-09 at 22:51 +1000, Jonathan Wilson wrote:
> OpenSSL has a s_client command that allows you to pull the certificates a 
> web page sends and verify the chain of trust against whatever root CA store 
> OpenSSL is using. Is there a way to do something similar for NSS? i.e. pull 
> the certificates a web page sends and validate them against the current set 
> of Mozilla root certificates?
> 
> And if there is, where do I get it from and how do I compile it? (if its 
> one of the standard utilities in NSS, how do I compile those?)

If you use a Linux distribution, you can probably get a package that already
contains the tools. On fedora it's nss-tools

We have test utilities, that are primarily used as part of the NSS test suite,
and which (at least on Fedora) are shipped in a separate "unsupported-tools"
directory, but they can do what you want.

On Fedora, you can execute 
  /usr/lib64/nss/unsupported-tools/vfyserv www.yourhost

which will attempt to validate the server's cert against the CA trust list that
comes with NSS (from the libnssckbi.so module).

This doesn't show the full chain on the terminal, but there's an option -c that
will dump all certs sent by the server into files.

I also like tstclnt, which has recently been enhanced to print information about
the server chain:

/usr/lib64/nss/unsupported-tools/tstclnt -C -D -b -h www.yourhost -p 443

You can use -C up to three times, to get more details about the certs.

If your platform doesn't offer you the NSS tools pre-packaged, then follow the
standard NSS build instructions:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Sources_Building_Testing

Kai

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[ANNOUNCE] NSS 3.22 Release

2016-02-03 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.

New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)

New Functions:
* PK11_SignWithMechanism - an extended version of PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp 
  TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
  TLS extension data

New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag

New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)

Notable Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler. 
  Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes

The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.

NSS 3.22 source distributions are available for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.22&product=NSS

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[ANNOUNCE] NSS 3.19.2.2 Release

2016-01-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.2

Network Security Services (NSS) 3.19.2.2 is a patch release
for NSS 3.19.2 to fix a security-relevant bug.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.19.2.2. 
Users are encouraged to upgrade immediately.

* Bug 1158489 (CVE-2015-7575):
  Prevent MD5 Downgrade in TLS 1.2 Signatures

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.2_release_notes

The HG tag is NSS_3_19_2_2_RTM. NSS 3.19.2.2 requires NSPR 4.10.10 or newer.

NSS 3.19.2.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_2_RTM/src/

The NSS development team would like to thank Karthikeyan Bhargavan from INRIA
for responsibly disclosing the issue in Bug 1158489.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[ANNOUNCE] NSS 3.20.2 Release

2016-01-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.20.2

Network Security Services (NSS) 3.20.2 is a patch release
for NSS 3.20 to fix a security-relevant bug.

No new functionality is introduced in this release.

The following security-relevant bug has been resolved in NSS 3.20.2.
Users are encouraged to upgrade immediately.

* Bug 1158489 (CVE-2015-7575):
  Prevent MD5 Downgrade in TLS 1.2 Signatures

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes

The HG tag is NSS_3_20_2_RTM. NSS 3.20.2 requires NSPR 4.10.10 or newer.

NSS 3.20.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_2_RTM/src/

The NSS development team would like to thank Karthikeyan Bhargavan from INRIA
for responsibly disclosing the issue in Bug 1158489.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

[ANNOUNCE] NSS 3.21 Release

2015-11-13 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.

New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)

New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
  string, module parameters string, NSS specific parameters string, and NSS
  configuration parameter string. The module represented by the module
  structure is not loaded. The difference with SECMOD_CreateModule is the new
  function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
  to the handshake being completed, for use with the callbacks that are invoked
  during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
  for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
  algorithms
* SSL_SignatureMaxCount - obtains the maximum number of signature algorithms that
  can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
  library string, module name string, module parameters string, NSS specific
  parameters string, and NSS configuration parameter strings. The returned
  strings must be freed by the caller. The difference with
  NSS_ArgParseModuleSpec is the new function handles NSS configuration
  parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
  module parameters string, NSS specific parameters string, and NSS
  configuration parameter string and returns a module string which the caller
  must free when it is done. The difference with NSS_MkModuleSpec is the new
  function handles NSS configuration parameter strings.

New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
  prior to handshake completion

New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
  ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
  PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
  exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
  DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
  signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
  unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
  master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
  extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
  master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
  TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
  that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
  preliminary information has been set

Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 

[ANNOUNCE] NSS 3.19.4 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.4

Network Security Services (NSS) 3.19.4 is a patch release
for NSS 3.19 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.19.4. 
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and 
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are 
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10, 
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time, 
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183): 
  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes

The HG tag is NSS_3_19_4_RTM. NSS 3.19.4 requires NSPR 4.10.10 or newer.

NSS 3.19.4 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_4_RTM/src/


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.20.1 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.20.1

Network Security Services (NSS) 3.20.1 is a patch release
for NSS 3.20 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10,
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time,
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183):
  A logic bug in the handling of large allocations would allow
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes

The HG tag is NSS_3_20_1_RTM. NSS 3.20.1 requires NSPR 4.10.10 or newer.

NSS 3.20.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_1_RTM/src/

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.19.2.1 Release

2015-11-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.2.1

Network Security Services (NSS) 3.19.2.1 is a patch release
for NSS 3.19.2 to fix security-relevant bugs.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.19.2.1. 
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and 
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are 
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.

The following security-relevant bugs have been resolved in NSPR 4.10.10, 
which affect NSS.

Because NSS includes portions of the affected NSPR code at build time, 
it is necessary to use NSPR 4.10.10 when building NSS.

* Bug 1205157 (NSPR, CVE-2015-7183): 
  A logic bug in the handling of large allocations would allow 
  exceptionally large allocations to be reported as successful, without
  actually allocating the requested memory. This may allow attackers to 
  bypass security checks and obtain control of arbitrary memory.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes

The HG tag is NSS_3_19_2_1_RTM. NSS 3.19.2.1 requires NSPR 4.10.10 or newer.

NSS 3.19.2.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_1_RTM/src/

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.20 Release

2015-08-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.20,
which is a minor release.

New functionality:
* The TLS library has been extended to support DHE ciphersuites in
  server applications.

New Functions:
* SSL_DHEGroupPrefSet - Configure the set of allowed/enabled DHE group
  parameters that can be used by NSS for a server socket.
* SSL_EnableWeakDHEPrimeGroup - Enable the use of weak DHE group
  parameters that are smaller than the library default's minimum size.

New Types:
* SSLDHEGroupType - Enumerates the set of DHE parameters embedded in
  NSS that can be used with function SSL_DHEGroupPrefSet.

New Macros:
* SSL_ENABLE_SERVER_DHE - A socket option used to enable or disable
  DHE ciphersuites for a server socket.

Notable Changes:
* The TLS library has been extended to support DHE ciphersuites in
  server applications.
* For backwards compatibility reasons, the server side implementation
  of the TLS library keeps all DHE ciphersuites disabled by default.
  They can be enabled with the new socket option SSL_ENABLE_SERVER_DHE
  and the SSL_OptionSet or the SSL_OptionSetDefault API.
* The server side implementation of the TLS implementation does not
  support session tickets when using a DHE ciphersuite (see bug 
  1174677).
* Support for the following ciphersuites has been added:
  - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
  - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* By default, the server side TLS implementation will use DHE
  parameters with a size of 2048 bits when using DHE ciphersuites.
* NSS embeds fixed DHE parameters sized 2048, 3072, 4096, 6144 and
  8192 bits, which were copied from version 08 of the Internet-Draft
  "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for
  TLS", Appendix A.
* A new API SSL_DHEGroupPrefSet has been added to NSS, which allows a
  server application to select one or multiple of the embedded DHE
  parameters as the preferred parameters. The current implementation of
  NSS will always use the first entry in the array that is passed as a
  parameter to the SSL_DHEGroupPrefSet API. In future versions of the
  TLS implementation, a TLS client might signal a preference for
  certain DHE parameters, and the NSS TLS server side implementation
  might select a matching entry from the set of parameters that have 
  been configured as preferred on the server side.
* NSS optionally supports the use of weak DHE parameters with DHE
  ciphersuites to support legacy clients. In order to enable this
  support, the new API SSL_EnableWeakDHEPrimeGroup must be used. Each
  time this API is called for the first time in a process, a fresh set
  of weak DHE parameters will be randomly created, which may take a
  long amount of time. Please refer to the comments in the header file
  that declares the SSL_EnableWeakDHEPrimeGroup API for additional 
  details.
* The size of the default PQG parameters used by certutil when 
  creating DSA keys has been increased to use 2048 bit parameters.
* The selfserv utility has been enhanced to support the new DHE 
  features.
* NSS no longer supports C compilers that predate the ANSI C 
  standard (C89).

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes

The HG tag is NSS_3_20_RTM. NSS 3.20 requires NSPR 4.10.8 or newer.

NSS 3.20 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_20_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.20&product=NSS


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.19.3 Release

2015-08-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.3

Network Security Services (NSS) 3.19.3 is a patch release
for NSS 3.19 to update the list of root CA certificates.

No new functionality is introduced in this release.

Notable Changes:
* The following CA certificates were Removed
- Buypass Class 3 CA 1
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
- SG TRUST SERVICES RACINE
- TC TrustCenter Universal CA I
- TC TrustCenter Class 2 CA II
* The following CA certificate had the Websites trust bit turned off
- ComSign Secured CA
* The following CA certificates were Added
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- Certinomis - Root CA
* The version number of the updated root CA list has been set
  to 2.5

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.3_release_notes

The HG tag is NSS_3_19_3_RTM. NSS 3.19.3 requires NSPR 4.10.8 or newer.

NSS 3.19.3 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19.3&product=NSS



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Missing functions in latest NSS library

2015-06-09 Thread Kai Engert
On Tue, 2015-06-09 at 04:34 -0700, John wrote:
> I did not get these error with Mozilla xulrunner SDK 32.0 (which includes
> NSS 3.16.4).

This might be caused by Mozilla's optimization attempts.

On certain platforms, Mozilla merges all NSS code into a single shared
library, and limits the exported functions to those that Mozilla
requires.

As an unfortunate result, the NSS library shipped by Mozilla is a
crippled version that exports only a subset of NSS functions, although
it uses the same name nss3.dll.

Looking at file config/external/nss/nss.def in the Firefox sources, I
don't see the first function you've mentioned
(PK11_ListFixedKeysInSlot).

You could try to patch the mozilla code, probably this source file, to
include all the functions that you require.

Kai


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


[ANNOUNCE] NSS 3.19.1 Release

2015-05-28 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.19.1

Network Security Services (NSS) 3.19.1 is a patch release
for NSS 3.19.

No new functionality is introduced in this release. This patch
release includes a fix for the recently published logjam attack.

Notable Changes:
* The minimum strength of keys that libssl will accept for
  finite field algorithms (RSA, Diffie-Hellman, and DSA) has
  been increased to 1023 bits (bug 1138554).
* NSS reports the bit length of keys more accurately.  Thus,
  the SECKEY_PublicKeyStrength and SECKEY_PublicKeyStrengthInBits
  functions could report smaller values for values that have
  leading zero values. This affects the key strength values that
  are reported by SSL_GetChannelInfo.

The NSS development team would like to thank Matthew Green and
Karthikeyan Bhargavan for responsibly disclosing the issue in
bug 1138554.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

The HG tag is NSS_3_19_1_RTM. NSS 3.19.1 requires NSPR 4.10.8 or newer.

NSS 3.19.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19.1&product=NSS


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
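The leading-zero effect the second note describes, as an added Python example that is not part of the announcement and not NSS code: the exact bit length of a big-endian key item versus a byte-granular count, and how the 1023-bit libssl minimum from the first note decides differently for a modulus that only looks like 1024 bits. The moduli are constructed numbers of the right size, not real keys, and the byte-granular measure is written here for contrast only; it is not a claim about the exact arithmetic older NSS versions used.

```python
# Key strength as libssl measures it since NSS 3.19.1: the exact bit length of the
# big-endian key material, so leading zero bits no longer inflate the result.

MIN_FINITE_FIELD_BITS = 1023   # NSS 3.19.1 minimum for RSA, DH and DSA in libssl


def strength_bits_exact(item):
    """Bit length of a big-endian SECItem-style byte string (leading zeros ignored)."""
    return int.from_bytes(item, "big").bit_length()


def strength_bits_by_bytes(item):
    """The coarser measure, for contrast: strip leading zero bytes, then 8 bits per byte."""
    return len(item.lstrip(b"\x00")) * 8


def libssl_accepts(item):
    """Would a 3.19.1-style minimum-strength check let this modulus or prime through?"""
    return strength_bits_exact(item) >= MIN_FINITE_FIELD_BITS


def der_integer_contents(n):
    """Contents octets of a DER INTEGER: minimal big-endian, 0x00-prefixed if the top
    bit is set. This is how a modulus sits inside a certificate: one byte longer than
    the key, which a naive len()*8 would report as 1032 bits for a 1024-bit key."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" + b if b[0] & 0x80 else b


# Constructed moduli (numbers with the right size, not real keys).
MOD_1024 = ((1 << 1023) | 1).to_bytes(128, "big")          # exactly 1024 bits
MOD_1020_PADDED = ((1 << 1019) | 1).to_bytes(128, "big")   # 1020 bits in a 128-byte item
MOD_2048 = ((1 << 2047) | 1).to_bytes(256, "big")


def report(item):
    """Both measures plus the policy decision, e.g. for logging a rejected handshake."""
    return {
        "exact_bits": strength_bits_exact(item),
        "byte_granular_bits": strength_bits_by_bytes(item),
        "accepted": libssl_accepts(item),
    }


if __name__ == "__main__":
    der_1024 = der_integer_contents(int.from_bytes(MOD_1024, "big"))
    for name, item in [("1024", MOD_1024), ("1020 padded to 128 bytes", MOD_1020_PADDED),
                       ("1024 as DER INTEGER contents", der_1024)]:
        print(name, report(item))
```

The 128-byte item holding a 1020-bit value is the case that matters: a byte count calls it 1024 bits and passes the 1023-bit minimum, the exact measure calls it 1020 and rejects it. The same shift is why SSL_GetChannelInfo may report a smaller key strength after the upgrade for keys whose leading bits happen to be zero.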


[ANNOUNCE] NSS 3.19 Release

2015-05-05 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.

New functionality:
* For some certificates, such as root CA certificates, that don't
  embed any constraints, NSS might impose additional constraints,
  such as name constraints. A new API has been added that allows
  to lookup imposed constraints.
* It is possible to override the directory in which the NSS build
  system will look for the sqlite library.

New Functions:
* CERT_GetImposedNameConstraints

Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
  handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
  hash algorithm, in order to be compatible with TLS servers
  that use certificates with a SHA512 signature.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes

The HG tag is NSS_3_19_RTM. NSS 3.19 requires NSPR 4.10.8 or newer.

NSS 3.19 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.19&product=NSS




-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: Error code: sec_error_ca_cert_invalid

2015-04-28 Thread Kai Engert
On Tue, 2015-04-28 at 12:51 -0500, Rebecca White wrote:
> The site is
> https://bankruptcylink.com

This issue is now being tracked at
https://bugzilla.mozilla.org/show_bug.cgi?id=1159471


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


Re: Error code: sec_error_ca_cert_invalid

2015-04-28 Thread Kai Engert
On Thu, 2015-04-23 at 13:11 -0700, rebecca.c...@gmail.com wrote:
> Accessing https site that is used by the entire state of Indiana. My
> office is apparently the only office that cannot access the site. Well,
> that is to say, half of my office cannot access the site, the other
> half can access it with no problem. All are using Firefox 36.0.4, all
> were previously able to access the site.
> 
> I no longer see a "security.use_mozillapkix_verification" setting in
> about:config - what is preventing some firefox users from accessing
> this site?

Hello Rebecca,

the setting security.use_mozillapkix_verification has been removed, I
believe it's gone since Firefox 32. Since then, Firefox only uses the
new code.

You say you aren't able to access that site. First, it means that site
isn't following best practices. If the entire state of Indiana is
required to use that site, then it would be very good to fix that site.
Is it a public Internet site, or some internal/intranet site?

Is my assumption correct, that you cannot access the site, because you
are unable to "add an override", like Firefox usually allows with other
bad sites?

There was a regression bug in Firefox 36 which made it impossible to
"add an override" for certain scenarios that result in the
ca_cert_invalid error message.
(That was https://bugzilla.mozilla.org/show_bug.cgi?id=1138332 )

Unfortunately, it was too late to get that bug fixed in Firefox 36.

However, Firefox 37, which was released end of March 2015, contained a
fix for this issue.

Are you able to upgrade to Firefox 37 and see if it fixes your issue?

If it doesn't, then could you please send us additional information
about the server? If it's a server on the public Internet, then we'd
need to know the server address (www...), or, if it's an Intranet
server, then someone would have to save a copy of the certificates used
by the server, which can be retrieved by running diagnostic utilities.
Let us know if you'd like to have instructions on how to do that.

Regards
Kai




[ANNOUNCE] NSS 3.18.1 Release

2015-04-21 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.18.1

Network Security Services (NSS) 3.18.1 is a patch release
for NSS 3.18 to update the list of root CA certificates.

No new functionality is introduced in this release.

Notable Changes:
* The following CA certificate had the Websites and Code Signing
  trust bits restored to their original state to allow more time
  to develop a better transition strategy for affected sites:
  - OU = Equifax Secure Certificate Authority
* The following CA certificate was removed:
  - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
* The following intermediate CA certificate has been added as
  actively distrusted because it was mis-used to issue certificates
  for domain names the holder did not own or control:
  - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG
* The version number of the updated root CA list has been set
  to 2.4

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18.1_release_notes

The HG tag is NSS_3_18_1_RTM. NSS 3.18.1 requires NSPR 4.10.8 or newer.

NSS 3.18.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.18.1&product=NSS




[ANNOUNCE] NSS 3.18 Release

2015-03-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.

New functionality:
* When importing certificates and keys from a PKCS#12 source,
  it's now possible to override the nicknames, prior to importing
  them into the NSS database, using new API
  SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
  -C, -D, -b and -R.
  Use -C one, two or three times to print information about the
  certificates received from a server, and information about the
  locally found and trusted issuer certificates, to diagnose
  server side configuration issues. It is possible to run tstclnt
  without providing a database (-D). A PKCS#11 library that
  contains root CA certificates can be loaded by tstclnt, which
  may either be the nssckbi library provided by NSS (-b) or
  another compatible library (-R).

New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames

New Types
* SEC_PKCS12NicknameRenameCallback

Notable Changes:
* The highest TLS protocol version enabled by default has been
  increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
  protocol version enabled by default has been increased from
  DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
  pair has been increased from 1024 bits to 2048 bits.
* On Mac OS X, by default the softokn shared library will link
  with the sqlite library installed by the operating system,
  if it is version 3.5 or newer.
* The following CA certificates had the Websites and Code Signing
  trust bits turned off:
  - Equifax Secure Certificate Authority 
  - Equifax Secure Global eBusiness CA-1 
  - TC TrustCenter Class 3 CA II 
* The following CA certificates were added:
  - Staat der Nederlanden Root CA - G3
  - Staat der Nederlanden EV Root CA
  - IdenTrust Commercial Root CA 1
  - IdenTrust Public Sector Root CA 1
  - S-TRUST Universal Root CA
  - Entrust Root Certification Authority - G2
  - Entrust Root Certification Authority - EC1
  - CFCA EV ROOT
* The version number of the updated root CA list has been set
  to 2.3

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18_release_notes

The HG tag is NSS_3_18_RTM. NSS 3.18 requires NSPR 4.10.8 or newer.

NSS 3.18 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_18_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.18&product=NSS




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Mon, 2015-02-02 at 07:47 -0800, Sean Leonard wrote:
> See "Building NSS", which I think most people who do a rudimentary 
> Google search would find when they want to build NSS:
> 
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Building


Thanks for the link, I've fixed the page.

Kai




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Mon, 2015-02-02 at 13:21 +0100, helpcrypto helpcrypto wrote:
> On Mon, Feb 2, 2015 at 1:17 PM, Kai Engert  wrote:
> 
> > > exported:
> > > OS_TARGET=WINNT
> >
> > Please use OS_TARGET=WIN95
> >
> > That's the newer and supported configuration.
> >
> > LOL
> hahahahahahahahahahahahahahaha
> 
> I love you kaie ;)

https://bugzilla.mozilla.org/show_bug.cgi?id=814982




Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Kai Engert
On Sun, 2015-02-01 at 20:34 -0800, Sean Leonard wrote:
> I'm trying to build NSS 3.17.4 on Windows 7 with the latest 
> MozillaBuild. Although I was able to work around a build error, it would 
> be appreciated if the NSS folks get the NSPR folks to fix the problem.
> 
> Used:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/
> 
> nss-3.17.4-with-nspr-4.10.7.tar.gz
> 
> exported:
> OS_TARGET=WINNT

Please use OS_TARGET=WIN95

That's the newer and supported configuration.

If you found any place that suggests to use WINNT, we should update that
location.

Kai




[ANNOUNCE] NSS 3.17.4 Release

2015-01-28 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.4.

Network Security Services (NSS) 3.17.4 is a patch release for NSS 3.17.

No new functionality is introduced in this release.

Notable Changes:
* If an SSL/TLS connection fails, because client and server don't have
  any common protocol version enabled, NSS has been changed to report
  error code SSL_ERROR_UNSUPPORTED_VERSION (instead of reporting
  SSL_ERROR_NO_CYPHER_OVERLAP).
* libpkix was fixed to prefer the newest certificate, if multiple 
  certificates match.
* fixed a memory corruption issue during failure of keypair generation.
* fixed a failure to reload a PKCS#11 module in FIPS mode.
* fixed interoperability of NSS server code with a LibreSSL client.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes

The HG tag is NSS_3_17_4_RTM. NSS 3.17.4 requires NSPR 4.10.7 or newer.

NSS 3.17.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_4_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.4&product=NSS

SHA1SUMS
76beddfea9f1503920e40d7066aa704bbaeef558  nss-3.17.4.tar.gz
3641d13371107a879aed1a6ffcbaf20d8e572114  nss-3.17.4-with-nspr-4.10.7.tar.gz

SHA256SUMS
1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79  nss-3.17.4.tar.gz
21c7bc1f2c2c44d1e0abe66dd96a93ea2a2f3214261404ccb21e5d1075c27f2e  nss-3.17.4-with-nspr-4.10.7.tar.gz




Re: Problems with python-nss get_cert_nicknames

2015-01-11 Thread Kai Engert
On Fri, 2015-01-09 at 12:10 -0800, Roger Dunn wrote:
> Yes, that was me on both posts... the first one was taking awhile to
> pop up on the grid (overnight), thought it was lost in a black hole.

Your message arrived on the list via posting to the newsgroup. Those
messages often end up in the moderation queue, which is only looked at
(at most) once a day.

Kai




Re: Fwd: Guidance for NSS, NSPR cross compilation

2014-12-12 Thread Kai Engert
On Fri, 2014-12-12 at 03:45 -0800, sachin gupta wrote:
> I would appreciate if you could help me with any documentation on NSS
> cross compilation for Arm

Sorry, I don't have experience on this topic.




Re: Fwd: Guidance for NSS, NSPR cross compilation

2014-12-11 Thread Kai Engert
On Wed, 2014-12-10 at 12:25 +0900, Kosuke Kaizuka wrote:
> Why you choose such an old and out-of-dated version of NSS?
> 3.17.3 (current latest stable) or 3.16.6 (used in current Fx/Tb 31.x
> ESR branches) should be used.

Clarification: FF/TB 31.x currently use 3.16.2.3

3.16.6 is older, 3.16.2.3 is newer.
(See also my message from 2014-10-27 on this list.)

Should any future NSS bugfixes be backported for FF/TB 31.x ESR, they
will probably be added on the NSS_3_16_2_BRANCH and we might produce
additional 3.16.2.x releases.

If anyone still uses 3.16.6, they should upgrade to NSS 3.17.3

Regards
Kai




[ANNOUNCE] NSS 3.17.3 Release

2014-12-01 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.3.

Network Security Services (NSS) 3.17.3 is a patch release for NSS 3.17.

New functionality:
* Support for TLS_FALLBACK_SCSV has been added to the ssltap and
  tstclnt utilities

Notable Changes:
* The QuickDER decoder now decodes lengths robustly
  (CVE-2014-1569)
* The following 1024-bit CA certificates were removed:
  - GTE CyberTrust Global Root
  - Thawte Server CA
  - Thawte Premium Server CA
  - America Online Root Certification Authority 1
  - America Online Root Certification Authority 2
* The following CA certificates had the Websites and Code Signing
  trust bits turned off:
  - Class 3 Public Primary Certification Authority - G2
  - Equifax Secure eBusiness CA-1
* The following CA certificates were added:
  - COMODO RSA Certification Authority
  - USERTrust RSA Certification Authority
  - USERTrust ECC Certification Authority
  - GlobalSign ECC Root CA - R4
  - GlobalSign ECC Root CA - R5
* The version number of the updated root CA list has been set
  to 2.2

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes

The HG tag is NSS_3_17_3_RTM. NSS 3.17.3 requires NSPR 4.10.7 or newer.

NSS 3.17.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.3&product=NSS




please subscribe prior to posting to this list

2014-10-29 Thread Kai Engert
Hello everyone,

I understand there are several mechanisms for reading this list.
However, depending on the way you choose to post to this list, your post
may be stuck in a moderation queue until a moderator is able to approve
it.

If you'd like to ensure that your post goes to the list immediately, the
recommended approach is to subscribe to this list, using
https://lists.mozilla.org/listinfo/dev-tech-crypto
and sending your message using the same email address that you've used
to subscribe to the list.

Regards
Kai




Disable SSL 3 by default in NSS in April 2015.

2014-10-27 Thread Kai Engert
Because of the POODLE security vulnerability, it has been widely
suggested to disable SSL 3.

Unfortunately there are still deployments where SSL 3 is the only
supported version of SSL/TLS. 

Changing the default in NSS to disable SSL 3 will break applications
that rely on the NSS default and which don't offer configuration options
to override the NSS default.

Therefore we plan to keep SSL 3 enabled by default for another few
months, allowing everyone to migrate legacy applications, and/or to
enhance applications to add configuration mechanisms.

We plan to disable SSL 3 by default in all versions that will be
released after April 1st 2015.

We strongly recommend that applications implement configuration
mechanisms, allowing users to override the set of SSL/TLS protocol
versions enabled by the NSS library. In case of future incidents, should
additional protocol versions be considered insecure, it would allow the
NSS team to change the defaults with shorter notice, and it would
benefit applications that relied on the NSS library defaults.

For users of NSS that already use the new NSS shared database file
format (cert9.db/key4.db/pkcs11.txt): An enhancement is currently under
development, that will allow configuration of the ciphers and protocols
used by NSS for SSL/TLS, independently of application code, by editing
the NSS configuration file pkcs11.txt (see mozilla bug 1009429).

On behalf of the NSS development team




Re: [ANNOUNCE] NSS 3.16.2.3 Release

2014-10-27 Thread Kai Engert
On Mon, 2014-10-27 at 14:59 +0100, Kai Engert wrote:
> The NSS Development Team announces the release of NSS 3.16.2.3
> 
> Network Security Services (NSS) 3.16.2.3 is a patch release
> for NSS 3.16, to fix a regression.

Sorry, this paragraph should have said:

Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16. It fixes a bug and contains a backport of the
TLS_FALLBACK_SCSV feature, which was originally made available in NSS
3.17.1.


> New functionality:
> * TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
>   handshake is the result of TLS version fallback.
> 
> New Macros:
> * SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
>   TLS_FALLBACK_SCSV. Off by default.
> * SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
> * TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
>   handshake is the result of TLS version fallback.
> 
> The following bug has been resolved in NSS 3.16.2.3:
> * Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
> * Bug 1036735 - Add support for draft-ietf-tls-downgrade-scsv
> 
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.3_release_notes
> 
> The HG tag is NSS_3_16_2_3_RTM. NSS 3.16.2.3 requires NSPR 4.10.6 or
> newer.
> 
> NSS 3.16.2.3 source distributions are also available on ftp.mozilla.org
> for secure HTTPS download:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_3_RTM/src/




[ANNOUNCE] NSS 3.16.2.3 Release

2014-10-27 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.3

Network Security Services (NSS) 3.16.2.3 is a patch release
for NSS 3.16, to fix a regression.

New functionality:
* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

New Macros:
* SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
  TLS_FALLBACK_SCSV. Off by default.
* SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
* TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

The following bug has been resolved in NSS 3.16.2.3:
* Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
* Bug 1036735 - Add support for draft-ietf-tls-downgrade-scsv

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.3_release_notes

The HG tag is NSS_3_16_2_3_RTM. NSS 3.16.2.3 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_3_RTM/src/




Information regarding NSS versions 3.16.2.x, 3.16.x, 3.17.x

2014-10-27 Thread Kai Engert
This message is to clarify the status of the latest NSS releases.

We'll shortly announce NSS 3.16.2.3

The motivation is to support the Firefox 31.x extended support release
(ESR) branch. The NSS 3.16.2.x releases still contain the set of root CA
certificates used by Firefox 31 ESR.

NSS 3.16.3 and newer contain an updated list of root CA certificates
with several legacy roots removed. Users of NSS 3.16.3/4/5/6 should
upgrade to the latest NSS 3.17.x release.

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Kai Engert
So, let's get this clarified with test results.

I've tested Firefox 34 beta 1.

Because bug 1076983 hasn't landed on the beta branch yet, the current
Firefox 34 beta 1 still has SSL3 enabled.

With this current default configuration (SSL3 enabled), Firefox will
fall back to SSL3.

Then I used about:config and changed security.tls.version.min to 1
(which means TLSv1, thereby disabling SSL3).

With SSL3 disabled, Firefox 34 no longer falls back to SSL3.

When attempting to connect to a SSL3-only server, I see Firefox 34
attempting three connections, with TLS 1.2 {3,3}, TLS 1.1 {3,2} and TLS
1.0 {3,1}, but not SSL3.

In other words, with SSL3 disabled, Firefox 34 doesn't attempt a
fallback to use SSL3.

With these new results, it's no longer clear to me what Florian was
referring to.

On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
> Why is disabling SSL 3.0 acceptable, but getting rid of the broken
> fallback which will keep endangering users for a long time to come is
> not?

Florian, did you assume that Firefox would still fall back to SSL3?
That's not happening.
With SSL3 disabled, the intention, as I understand it, is to disable
SSL3 completely, not even using it when falling back.

On the other hand, Firefox will continue to fall back to non-disabled
versions of TLS (such as TLS 1.1 and TLS 1.0).

Is this what you're worried about?

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Kai Engert
On Tue, 2014-10-21 at 01:40 +0200, Kai Engert wrote:
> On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> > Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> > necessary?
> 
> Yes. If I understand correctly, it seems that Firefox indeed still falls
> back to SSL3, even with SSL3 disabled.

I'm sorry if I got this wrong, inspired by Florian's claim (still
falling back) and my quick reading of the code. Let's get this
clarified.

My reading of the source indicated that adjustForTLSIntolerance would
fall back until it reaches SSL3.

However, trying to connect to a SSL3-only server like
https://bod.bodmillenium.com using Firefox 33 and 36 fails (with min.tls
set to 1).

So hopefully I was wrong.

Thanks
Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-20 Thread Kai Engert
On Mon, 2014-10-20 at 16:45 -0700, Julien Pierre wrote:
> What is the purpose of Firefox continuing to do any fallback at all ?
> IMO, making a second connection with any lower version of SSL/TLS 
> defeats the intent of the SSL/TLS protocol, which have built-in defenses 
> against protocol version downgrade.
> Isn't it time this fallback gets eliminated at last ?

I'm stating what I found, I'm not making that decision.

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-20 Thread Kai Engert
On Thu, 2014-10-16 at 20:51 +0200, Kai Engert wrote:
> Do you claim that Firefox 34 will continue to fall back to SSL 3 when
> necessary?

Yes. If I understand correctly, it seems that Firefox indeed still falls
back to SSL3, even with SSL3 disabled.

I found 
  https://bugzilla.mozilla.org/show_bug.cgi?id=1083058
which intends to implement a preference to configure the oldest allowed
protocol version to fall back to, with a proposed minimum of 1 (TLS1).

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-16 Thread Kai Engert
On Thu, 2014-10-16 at 20:27 +0200, Florian Weimer wrote:
> A lot of this has already been hashed out on the IETF TLS WG mailing
> list, with a slightly different perspective.
> 
> Why is disabling SSL 3.0 acceptable, but getting rid of the broken
> fallback which will keep endangering users for a long time to come is
> not?

Please let's make sure there are no misunderstandings.

Do you claim that Firefox 34 will continue to fall back to SSL 3 when
necessary?

I was hoping that Firefox 34 would completely disable SSL 3, no longer
accepting servers requesting to use that version, and no longer
initiating any SSL 3 connections, not even when falling back.

Did I understand incorrectly?

Kai




Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-16 Thread Kai Engert
On Thu, 2014-10-16 at 10:31 -0700, Richard Barnes wrote:
> By now, you've probably heard about the POODLE attacks on SSLv3, and
> our decision to disable SSLv3 by default in Firefox 34 [1].  Several
> people have proposed that we also make this change in Firefox ESR 31.  
> 
> So I wanted to propose that we also disable SSLv3 by default in ESR 31
> at about the same time as we do it in 34, that is, around November 25.
> 
> If there are any objections or comments on that proposal, please raise
> them in this thread.

FYI, it's actually more than a proposal.

It has been clarified in the bug, disabling it in Firefox 31.3 is
already planned:
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983#c73

So, if you have any objections, please speak up.

Thanks
Kai




[ANNOUNCE] NSS 3.17.2 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.2

Network Security Services (NSS) 3.17.2 is a patch release
for NSS 3.17, to fix a regression and other bugs.

No new functionality is introduced in this release.

The following bugs have been resolved in NSS 3.17.2.
* Bug 1049435 - Importing an RSA private key fails if p < q
* Bug 1057161 - NSS hangs with 100% CPU on invalid EC key
* Bug 1078669 - certutil crashes when using the --certVersion parameter 

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.2_release_notes

The HG tag is NSS_3_17_2_RTM. NSS 3.17.2 requires NSPR 4.10.7 or newer.

NSS 3.17.2 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_2_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.2&product=NSS




[ANNOUNCE] NSS 3.16.6 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.6

Network Security Services (NSS) 3.16.6 is a patch release
for NSS 3.16, to fix a regression.

No new functionality is introduced in this release.

The following bug has been resolved in NSS 3.16.6.
* Bug 1049435 - Importing an RSA private key fails if p < q

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.6_release_notes

The HG tag is NSS_3_16_6_RTM. NSS 3.16.6 requires NSPR 4.10.6 or newer.

NSS 3.16.6 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_6_RTM/src/





[ANNOUNCE] NSS 3.16.2.2 Release

2014-10-12 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.2

Network Security Services (NSS) 3.16.2.2 is a patch release
for NSS 3.16, to fix a regression.

No new functionality is introduced in this release.

The following bug has been resolved in NSS 3.16.2.2.
* Bug 1049435 - Importing an RSA private key fails if p < q

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.2_release_notes

The HG tag is NSS_3_16_2_2_RTM. NSS 3.16.2.2 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.2 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_2_RTM/src/




[ANNOUNCE] NSS 3.17.1 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.17.1

Network Security Services (NSS) 3.17.1 is a patch release
for NSS 3.17.

The following security-relevant bugs have been resolved in NSS 3.17.1.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

New functionality:
* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

New Macros:
* SSL_ENABLE_FALLBACK_SCSV - an SSL socket option that enables
  TLS_FALLBACK_SCSV. Off by default.
* SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT - a new SSL error code.
* TLS_FALLBACK_SCSV - a signaling cipher suite value that indicates a
  handshake is the result of TLS version fallback.

Notable Changes:
* Signature algorithms now use SHA-256 instead of SHA-1 by default.
* Added support for Linux on little-endian powerpc64.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.1_release_notes

The HG tag is NSS_3_17_1_RTM. NSS 3.17.1 requires NSPR 4.10.7 or newer.

NSS 3.17.1 source distributions are available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.1&product=NSS


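The version-fallback behaviour observed in the Firefox 34 test results above and the TLS_FALLBACK_SCSV mechanism introduced in the NSS 3.17.1 and 3.16.2.3 announcements, as an added Python model that is not NSS code and not part of any message in this thread. The Server class, its drop_versions set, the placeholder cipher suite and the scenario values are constructed for the illustration; only the version tuples, the SCSV value 0x5600 and alert 86 come from the protocol.

```python
"""Constructed model of TLS version fallback and TLS_FALLBACK_SCSV.

No sockets, no real TLS records: a Server object answers ClientHello
parameters, and connect_with_fallback() plays the browser-style client that
retries with a lower protocol version when a connection attempt gets no
reply. The version tuples are the wire values quoted in the thread.
"""
from dataclasses import dataclass, field

SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
VERSION_NAMES = {SSL3: "SSL 3.0", TLS10: "TLS 1.0", TLS11: "TLS 1.1", TLS12: "TLS 1.2"}

TLS_FALLBACK_SCSV = 0x5600         # signaling cipher suite value (no cipher behind it)
ALERT_INAPPROPRIATE_FALLBACK = 86  # alert a server sends on a fallback it did not cause
PLACEHOLDER_SUITE = 0x002F         # constructed stand-in for an ordinary cipher suite


@dataclass
class Server:
    """Toy server (constructed). max_version is the highest version it
    implements; drop_versions lists ClientHello versions that get no answer
    at all, which models a version-intolerant server or a tampering network."""
    max_version: tuple
    drop_versions: frozenset = field(default_factory=frozenset)
    supports_scsv: bool = True

    def handle_client_hello(self, client_version, cipher_suites):
        if client_version in self.drop_versions:
            return ("dropped", None)
        # Downgrade check: the SCSV tells the server the client is retrying
        # at a lower version. If the server itself would have accepted
        # something higher, the earlier failure was not the server's doing.
        if (self.supports_scsv and TLS_FALLBACK_SCSV in cipher_suites
                and client_version < self.max_version):
            return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
        return ("ok", min(client_version, self.max_version))


def connect_with_fallback(server, max_version=TLS12, min_version=TLS10,
                          send_scsv=True):
    """Client side. min_version plays the role of security.tls.version.min
    (TLS10 here corresponds to the thread's "set to 1"); send_scsv plays the
    role of SSL_ENABLE_FALLBACK_SCSV. Returns a dict describing the outcome
    and every version that was attempted, in order."""
    candidates = [v for v in (TLS12, TLS11, TLS10, SSL3)
                  if min_version <= v <= max_version]
    attempts = []
    for version in candidates:
        suites = [PLACEHOLDER_SUITE]
        if attempts and send_scsv:
            suites.append(TLS_FALLBACK_SCSV)   # only a retry carries the SCSV
        attempts.append(version)
        outcome, detail = server.handle_client_hello(version, suites)
        if outcome == "ok":
            if detail < min_version:
                # Server answered with a version the client has disabled; there
                # is nothing lower to try. NSS 3.17.4 reports this case as
                # SSL_ERROR_UNSUPPORTED_VERSION.
                return {"status": "SSL_ERROR_UNSUPPORTED_VERSION", "attempts": attempts}
            return {"status": "connected", "version": detail, "attempts": attempts}
        if outcome == "alert" and detail == ALERT_INAPPROPRIATE_FALLBACK:
            # The server caught the downgrade; stop instead of going lower.
            return {"status": "SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT",
                    "attempts": attempts}
        # "dropped": no reply, fall back to the next lower enabled version.
    return {"status": "failed", "attempts": attempts}


def describe(result):
    """Human-readable one-liner for a connect_with_fallback() result."""
    tried = ", ".join(VERSION_NAMES[v] for v in result["attempts"])
    if result["status"] == "connected":
        return f"connected with {VERSION_NAMES[result['version']]} (tried: {tried})"
    return f"{result['status']} (tried: {tried})"


if __name__ == "__main__":
    # Constructed scenarios mirroring the thread.
    ssl3_only = Server(SSL3, frozenset({TLS10, TLS11, TLS12}))
    print("SSL3-only server, SSL3 disabled:", describe(connect_with_fallback(ssl3_only)))
    print("SSL3-only server, SSL3 enabled: ",
          describe(connect_with_fallback(ssl3_only, min_version=SSL3)))
    tampered = Server(TLS12, frozenset({TLS12}))
    print("Modern server, first hello lost, SCSV:   ",
          describe(connect_with_fallback(tampered)))
    print("Modern server, first hello lost, no SCSV:",
          describe(connect_with_fallback(tampered, send_scsv=False)))
```

With SSL3 disabled the client tries {3,3}, {3,2} and {3,1} against the SSL3-only server and then gives up, exactly the three attempts reported above; against a modern server whose first hello was lost, the SCSV turns a silent downgrade to TLS 1.1 into an inappropriate_fallback alert.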


[ANNOUNCE] NSS 3.16.5 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.5

Network Security Services (NSS) 3.16.5 is a patch release
for NSS 3.16.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.16.5.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.5_release_notes

The HG tag is NSS_3_16_5_RTM. NSS 3.16.5 requires NSPR 4.10.6 or newer.

NSS 3.16.5 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_5_RTM/src/




[ANNOUNCE] NSS 3.16.2.1 Release

2014-10-02 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.1

Network Security Services (NSS) 3.16.2.1 is a patch release
for NSS 3.16.

No new functionality is introduced in this release.

The following security-relevant bugs have been resolved in NSS 3.16.2.1.
Users are encouraged to upgrade immediately.
* Bug 1064636 - (CVE-2014-1568) RSA Signature Forgery in NSS

See also:
https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

The NSS development team would like to thank Antoine Delignat-Lavaud,
security researcher at Inria Paris in team Prosecco, and the Advanced
Threat Research team at Intel Security, who both independently
discovered and reported this issue, for responsibly disclosing the issue
by providing advance copies of their research.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2.1_release_notes

The HG tag is NSS_3_16_2_1_RTM. NSS 3.16.2.1 requires NSPR 4.10.6 or
newer.

NSS 3.16.2.1 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_1_RTM/src/


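The announcement above names the fix only as an RSA signature forgery (Bug 1064636). Whatever the specific flaw, the check a PKCS#1 v1.5 verifier needs is the one RFC 8017 section 8.2.2 prescribes: rebuild the expected encoded message and compare the whole encoding, rather than walking the decoded signature and checking the pieces you expect to find. The Python below is an added example, not NSS code and not a reconstruction of the NSS bug; the key, the message and the deliberately malformed encoding are constructed in the script, and the 1024-bit key size is an assumption made only to keep the demo fast.

```python
"""Strict PKCS#1 v1.5 (RSASSA) verification by encode-and-compare.

Added example, not NSS code. The key is generated at runtime from a fixed
seed so the script is self-contained; 1024 bits is a demo-only choice.
"""
import hashlib
import hmac
import random

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with rng-chosen witnesses (deterministic for a fixed seed)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_key(bits=1024, seed=1):
    """Toy RSA keypair (n, e, d); deterministic, demo only."""
    rng, e = random.Random(seed), 65537

    def prime(b):
        while True:
            c = rng.getrandbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c, rng):
                return c

    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return n, e, pow(e, -1, phi)


def emsa_pkcs1_v15_encode(message, k, trailing=b""):
    """EM = 0x00 || 0x01 || PS (0xFF..) || 0x00 || T, exactly k bytes.
    `trailing` exists only to build a malformed EM (junk after T) below."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest() + trailing
    if k < len(t) + 11:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(message, n, d, trailing=b""):
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15_encode(message, k, trailing), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify_strict(message, signature, n, e):
    """RFC 8017 8.2.2: rebuild the single valid EM for this message and
    compare it whole. Nothing inside the signature is parsed, so a short
    padding string, a malformed DigestInfo or trailing bytes are rejected."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(message, k))


def verify_lenient(message, signature, n, e):
    """The fragile pattern, kept only for contrast: walk the EM and check
    the pieces you expect. It never checks that T ends where EM ends."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 0 or any(b != 0xFF for b in em[2:sep]):
        return False
    expected = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return em[sep + 1:].startswith(expected)  # bug: ignores the tail
```

The contrast is the point: a signature whose decoded EM carries bytes after the hash passes verify_lenient and fails verify_strict, and no parser of the signature's contents had to be audited to get that result.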


Firefox 31, no way to override certain bad certs

2014-09-06 Thread Kai Engert
Hi,

it seems that Firefox 31 (caused by mozilla::pkix?) has introduced a
serious usability regression.

Firefox no longer allows overriding bad certificate errors of routers
or other devices with a built-in https web interface.

As reported in several bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063315
https://bugzilla.mozilla.org/show_bug.cgi?id=1042889
https://bugzilla.mozilla.org/show_bug.cgi?id=1063945 (by me)

it's impossible to connect to the web interface of routers that use an
internal certificate which has become invalid.

I believe it's crucial that an override continues to be possible,
allowing administrators to use Firefox for their hardware
administration.

I'm particularly worried that this will cause lots of trouble when
enterprises migrate from Firefox 24 to Firefox 31 soon.

I think this should be fixed on the Firefox 31 branch.

Kai




[ANNOUNCE] NSS 3.17 Release

2014-08-19 Thread Kai Engert
The NSS team has released Network Security Services (NSS) 3.17, 
which is a minor release.

New functionality:
* When using ECDHE, the TLS server code may be configured to generate
  a fresh ephemeral ECDH key for each handshake, by setting the
  SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
  SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means
  the server's ephemeral ECDH key is reused for multiple handshakes.
  This option does not affect the TLS client code, which always
  generates a fresh ephemeral ECDH key for each handshake.

New Macros
* SSL_REUSE_SERVER_ECDHE_KEY

Notable Changes:
* The manual pages for the certutil and pp tools have been updated to
  document the new parameters that had been added in NSS 3.16.2.
* On Windows, the new build variable USE_STATIC_RTL can be used to
  specify the static C runtime library should be used. By default the
  dynamic C runtime library is used.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes

The HG tag is NSS_3_17_RTM. NSS 3.17 requires NSPR 4.10.7 or newer.

NSS 3.17 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17&product=NSS




[ANNOUNCE] NSS 3.16.4 Release

2014-08-08 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.4.

Network Security Services (NSS) 3.16.4 is a patch release for NSS 3.16.

This release consists primarily of CA certificate changes as listed 
below, and includes a small number of bug fixes.

Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
  time to develop a better transition strategy for affected sites. It was
  removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
  forum led to the decision to keep this root included longer in order to
  give website administrators more time to update their web servers.
  - CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification 
  Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
  intermediate CA certificate has been included, without explicit trust.
  The intention is to mitigate the effects of the previous removal of the
  1024-bit Entrust.net root certificate, because many public Internet 
  sites still use the "USERTrust Legacy Secure Server CA" intermediate 
  certificate that is signed by the 1024-bit Entrust.net root certificate.
  The inclusion of the intermediate certificate is a temporary measure to
  allow those sites to function, by allowing them to find a trust path to
  another 2048-bit root CA certificate. The temporarily included 
  intermediate certificate expires November 1, 2015.

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.4_release_notes

The HG tag is NSS_3_16_4_RTM. NSS 3.16.4 requires NSPR 4.10.6 or newer.

NSS 3.16.4 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_4_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.16.4&product=NSS




Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Kai Engert
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote:
> Is there any documentation available for '--extSAN' parameter? Mr. 
> Google did not find any helpful resource.

Look at the help output that certutil produces with the -H command:

  --extSAN type:name[,type:name]... 
  Create a Subject Alt Name extension with one or multiple names
  - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,
  other, registerid, rfc822, uri, x400, x400addr

Kai




Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Kai Engert
On Mon, 2014-07-14 at 10:47 +0200, Bernhard Thalmayr wrote:
> What is the reason, why certutil supports 'dNSName' GeneralNames for 
> SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)?

Do you refer to the command line parameters -7 and -8 ?
I don't know why this subset was chosen in the past.

However, just recently we added support for additional SAN variations
(in version 3.16.2), which provides the new parameter --extSAN.

Can you try it? If it doesn't work as expected, please let us know.

Kai




[ANNOUNCE] NSS 3.16.3 Release

2014-07-03 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.3.

Network Security Services (NSS) 3.16.3 is a patch release for NSS 3.16.

This release consists primarily of CA certificate changes as listed
below, and fixes an issue with a recently added utility function.

New Functions:
* CERT_GetGeneralNameTypeFromString (This function was already added 
  in NSS 3.16.2, however, it wasn't declared in a public header file.)

Notable Changes:
* The following 1024-bit CA certificates were Removed
  - Entrust.net Secure Server Certification Authority
  - GTE CyberTrust Global Root
  - ValiCert Class 1 Policy Validation Authority
  - ValiCert Class 2 Policy Validation Authority
  - ValiCert Class 3 Policy Validation Authority
* Additionally, the following CA certificate was Removed as
  requested by the CA:
  - TDC Internet Root CA
* The following CA certificates were Added:
  - Certification Authority of WoSign
  - CA 沃通根证书
  - DigiCert Assured ID Root G2
  - DigiCert Assured ID Root G3
  - DigiCert Global Root G2
  - DigiCert Global Root G3
  - DigiCert Trusted Root G4
  - QuoVadis Root CA 1 G3
  - QuoVadis Root CA 2 G3
  - QuoVadis Root CA 3 G3
* The Trust Bits were changed for the following CA certificates
  - Class 3 Public Primary Certification Authority
  - Class 3 Public Primary Certification Authority
  - Class 2 Public Primary Certification Authority - G2
  - VeriSign Class 2 Public Primary Certification Authority - G3
  - AC Raíz Certicámara S.A.
  - NetLock Uzleti (Class B) Tanusitvanykiado
  - NetLock Expressz (Class C) Tanusitvanykiado

The full release notes, including further details and the SHA1
fingerprints of the changed CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.3_release_notes

The HG tag is NSS_3_16_3_RTM. NSS 3.16.3 requires NSPR 4.10.6 or newer.

NSS 3.16.3 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_3_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.16.3&product=NSS



[ANNOUNCE] NSS 3.16.2 Release

2014-06-30 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.2.

Network Security Services (NSS) 3.16.2 is a patch release for NSS 3.16.

New functionality:
* DTLS 1.2 is supported.
* The TLS application layer protocol negotiation (ALPN) extension 
  is also supported on the server side.
* RSA-OAEP is supported. Use the new PK11_PrivDecrypt and
  PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism.
* New Intel AES assembly code for 32-bit and 64-bit Windows, 
  contributed by Shay Gueron and Vlad Krasnov of Intel.

New Functions:
* CERT_AddExtensionByOID
* PK11_PrivDecrypt
* PK11_PubEncrypt

New Macros
* SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK
* SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL

Notable Changes:
* The btoa command has a new command-line option -w suffix, which
  causes the output to be wrapped in BEGIN/END lines with the
  given suffix.
* The certutil command supports additional types of subject
  alt name extensions.
* The certutil command supports generic certificate extensions,
  by loading binary data from files, which have been prepared using
  external tools, or which have been extracted from other existing
  certificates and dumped to file.
* The certutil command supports three new certificate usage specifiers.
* The pp command supports printing UTF-8 (-u).
* On Linux, NSS is built with the -ffunction-sections -fdata-sections 
  compiler flags and the --gc-sections linker flag to allow unused 
  functions to be discarded.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.2_release_notes

The HG tag is NSS_3_16_2_RTM. NSS 3.16.2 requires NSPR 4.10.6 or newer.

NSS 3.16.2 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_2_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.16.2&product=NSS




Re: certutil adding certificate with extra attributes

2014-05-14 Thread Kai Engert
On Thu, 2014-05-08 at 19:03 +0530, radiatejava wrote:
> I am using NSS db and utility to maintain certificates for a web
> server. I am facing an issue, please go through the steps I am
> listing. Can anyone explain why I am getting 'u' attr for certificate
> with ca-3 alias even though I did not provide this attribute while
> adding it.

The 'u' attribute means 'user owned': certutil is able to see a
private key along with the certificate.


> This is creating problem for me - CA signed cert with
> tomcat is not considered as the server certificate but the one with
> ca-3 is being considered.

Too few details to answer this question. I don't know why your
certificate is not accepted as a server certificate by the tomcat
software.

You could post the contents of the certificate, and explain how you
exported the certificate from NSS.

To view a dump of a certificate using certutil, use:
certutil -d directory -L -n nickname-of-the-server-certificate

Kai


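Two things come up in the certutil threads above: the --extSAN syntax from the -H help text (the 2014-07-16 reply), and reading the trust attributes that certutil -L prints, where 'u' means a private key is present (the reply just above). The Python below is an added example serving both; it is not part of NSS. The listing it parses is constructed to mirror the poster's tomcat/ca-3 scenario, the trust-flag meanings are taken from the certutil man page, and demo() only runs when an NSS certutil is installed.

```python
"""Helpers around certutil: compose a validated --extSAN argument and parse
the trust-flag listing that certutil -L prints. Added example, not part of
NSS; SAMPLE_LISTING is constructed, not captured from a real database.
"""
import ipaddress
import re
import shutil
import subprocess
import tempfile

# SAN type keywords as printed by `certutil -H` for --extSAN
SAN_TYPES = {"directory", "dn", "dns", "edi", "ediparty", "email", "ip", "ipaddr",
             "other", "registerid", "rfc822", "uri", "x400", "x400addr"}
_DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def extsan_arg(entries):
    """entries: iterable of (type, value) -> 'type:value,type:value'.
    Values are checked first: a comma would split the list, and a malformed
    address is easier to catch here than in the pretty-printed certificate."""
    parts = []
    for typ, value in entries:
        typ = typ.lower()
        if typ not in SAN_TYPES:
            raise ValueError(f"unknown SAN type {typ!r}")
        if "," in value:
            raise ValueError("commas separate entries and cannot appear in a value")
        if typ in ("ip", "ipaddr"):
            ipaddress.ip_address(value)          # ValueError unless valid v4/v6
        elif typ == "dns" and not all(_DNS_LABEL.match(lab) for lab in value.split(".")):
            raise ValueError(f"not a valid DNS name: {value!r}")
        parts.append(f"{typ}:{value}")
    return ",".join(parts)


# Trust-flag letters as documented in the certutil man page
TRUST_FLAGS = {"p": "valid peer", "P": "trusted peer",
               "c": "valid CA", "C": "trusted CA to issue server certs",
               "T": "trusted CA to issue client certs",
               "u": "user cert: a private key is present", "w": "send warning"}
# nickname, 2+ spaces, then the three comma-separated columns SSL,S/MIME,JAR/XPI
_LISTING = re.compile(r"^(?P<nick>\S.*?)\s{2,}(?P<trust>[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*)\s*$")


def parse_trust_listing(text):
    """`certutil -L -d <dir>` output -> {nickname: (ssl, smime, jar_xpi)}."""
    out = {}
    for line in text.splitlines():
        m = _LISTING.match(line)
        if m:
            out[m.group("nick")] = tuple(m.group("trust").split(","))
    return out


def has_private_key(trust):
    """The 'u' flag in any column means certutil found a matching private key."""
    return any("u" in col for col in trust)


def describe(trust):
    return [TRUST_FLAGS[ch] for col in trust for ch in col]


SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

tomcat                                                       ,,
ca-3                                                         u,u,u
Example Root CA                                              CT,C,C
"""


def demo():
    """If NSS certutil is installed: throwaway DB, self-signed cert with DNS and
    IP SANs, return (trust map, pretty-printed cert). None when it is missing.
    Windows ships an unrelated certutil.exe, so this targets Unix-like hosts."""
    certutil = shutil.which("certutil")
    if not certutil:
        return None
    with tempfile.TemporaryDirectory() as d:
        noise = f"{d}/noise"
        with open(noise, "wb") as f:
            f.write(b"constructed noise file, not real entropy\n" * 16)

        def run(*args):
            return subprocess.run([certutil, *args, "-d", f"sql:{d}"], check=True,
                                  capture_output=True, text=True).stdout

        run("-N", "--empty-password")
        run("-S", "-n", "router", "-s", "CN=router.example", "-x", "-t", "P,,",
            "-k", "rsa", "-g", "2048", "-z", noise,
            "--extSAN", extsan_arg([("dns", "router.example"), ("ip", "192.0.2.10")]))
        return parse_trust_listing(run("-L")), run("-L", "-n", "router")
```

demo() is the only part that touches a real database; the builder and the parser work on strings, so they can be exercised without NSS present.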


[ANNOUNCE] NSS 3.16.1 Release

2014-05-07 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16.1.

Network Security Services (NSS) 3.16.1 is a patch release for NSS 3.16.

New functionality:
* Added the "ECC" flag for modutil to select the module used for
  elliptic curve cryptography (ECC) operations.

New Functions:
* PK11_ExportDERPrivateKeyInfo
* PK11_ExportPrivKeyInfo
* SECMOD_InternalToPubMechFlags

New Types:
* ssl_padding_xtn

New Macros
* PUBLIC_MECH_ECC_FLAG
* SECMOD_ECC_FLAG

Notable Changes:
* Imposed name constraints on the French government root CA ANSSI
  (DCISS).

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes

The HG tag is NSS_3_16_1_RTM. NSS 3.16.1 requires NSPR 4.10.5 or newer.

NSS 3.16.1 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_1_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.16.1&product=NSS




NSS troubleshooting links

2014-04-02 Thread Kai Engert
I'm not aware of a troubleshooting reference for NSS.

Let's collect information on how to troubleshoot NSS at runtime.
Debugging tips, how to enable tracing of the various modules, etc.

I suggest adding to this page:
https://developer.mozilla.org/en-US/docs/NSS_troubleshooting

If you have anything to add, but don't want to create an account for the
wiki, please post an email, and we can add it for you.

Thanks in advance for your contribution!
Kai




[ANNOUNCE] NSS 3.16 Release

2014-03-18 Thread Kai Engert
The NSS Development Team announces the release of NSS 3.16, which is
a minor release.

The HG tag is NSS_3_16_RTM. NSS 3.16 requires NSPR 4.10.3 or newer.
Support for the Linux x32 ABI requires NSPR 4.10.4 or newer.

The following security-relevant bug has been resolved.
Users are encouraged to upgrade immediately.
* Bug 903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard
  character should not be embedded within the U-label of an
  internationalized domain name. See the last bullet point in RFC 6125,
  Section 7.2.

New functionality:
* Supports the Linux x32 ABI. To build for the Linux x32 target, set 
  the environment variable USE_X32=1 when building NSS.

New Functions:
* NSS_CMSSignerInfo_Verify

New Macros
* TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc.,
  cipher suites that were first defined in SSL 3.0 can now be referred
  to with their official IANA names in TLS, with the TLS_ prefix.
  Previously, they had to be referred to with their names in SSL 3.0,
  with the SSL_ prefix.

Notable Changes:
* ECC is enabled by default. It is no longer necessary to set the
  environment variable NSS_ENABLE_ECC=1 when building NSS. To disable
  ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS names when
  evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime
  test sdb_measureAccess.
* The built-in roots module has been updated to version 1.97, which
  adds, removes, and distrusts several certificates.
* The atob utility has been improved to automatically ignore lines of
  text that aren't in base64 format.
* The certutil utility has been improved to support creation of 
  version 1 and version 2 certificates, in addition to the existing
  version 3 support.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes

NSS 3.16 source distributions are also available on ftp.mozilla.org
for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_16_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.16


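CVE-2014-1492 above is about where a wildcard may legitimately appear: RFC 6125 section 7.2 says a client should not match a presented identifier whose wildcard is embedded inside a U-label or A-label of an internationalized name. The Python below is an added example of DNS-ID matching that applies that rule together with the section 6.4.3 restrictions; it is not NSS or mozilla::pkix code, and the conservative choices in its docstring (wildcard must be the whole left-most label, at least two labels after it) are this example's own, not something the release notes state.

```python
"""RFC 6125 DNS-ID matching with the wildcard rules of section 6.4.3 and the
IDN caveat of section 7.2. Added example, not NSS/mozilla::pkix code.
Choices made here: '*' must be the entire left-most label, it matches exactly
one label, at least two labels must follow it (so '*.com' is rejected), and a
wildcard inside a U-label or an A-label (xn--...) is never matched.
"""
import re

# one LDH label: 1-63 chars of letters/digits/hyphen, no leading/trailing hyphen
_LDH = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def dnsid_matches(presented, reference):
    """presented: DNS-ID from the certificate (IA5String, hence ASCII only).
    reference: the host the user asked for; may contain U-labels and is
    converted to A-labels before comparison, as RFC 6125 requires."""
    try:
        presented.encode("ascii")      # a non-ASCII dNSName is simply invalid
        ref = reference.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:               # also raised for empty/overlong labels
        return False
    pres = presented.rstrip(".").lower()
    p_labels, r_labels = pres.split("."), ref.split(".")
    if "*" in ref or not all(_LDH.match(lab) for lab in r_labels):
        return False
    if "*" not in pres:                # plain name: labels must match exactly
        return p_labels == r_labels
    head, tail = p_labels[0], p_labels[1:]
    # Rejects "f*o.example", "xn--b*cher-kva.example" and "*.com" alike: the
    # wildcard has to be the whole left-most label with 2+ labels after it.
    if head != "*" or len(tail) < 2 or not all(_LDH.match(lab) for lab in tail):
        return False
    return len(r_labels) == len(p_labels) and r_labels[1:] == tail
```

Because the reference is converted to A-labels first, a wildcard that stands for a whole IDN label ("*.example.com" against "bücher.example.com") still matches; only a wildcard mixed into the characters of such a label is refused.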


Re: Cryptoki interface to decrypt mail with thunderbird

2014-03-13 Thread Kai Engert
On Thu, 2014-03-13 at 14:12 +0200, Leon Brits wrote:
> Attached is a log of the backtrace

Hi Leon, the mailing list probably discards attachments. Could you
please paste the stack trace as plain text into a new message?

Thanks
Kai



