Am Samstag, 20. Juni 2015 04:04:34 UTC+2 schrieb Ryan Sleevi:
> The NSS Development Team announces the release of NSS 3.19.2
>
> Network Security Services (NSS) is a patch release for NSS 3.19.
>
> No new functionality is introduced in this release. This release addresses
> a backwards compatibility issue with the NSS 3.19.1 release.
>
> Notable Changes:
> * In NSS 3.19.1, the minimum key sizes that the freebl cryptographic
> implementation (part of the softoken cryptographic module used by default
> by NSS) was willing to generate or use was increased - for RSA keys, to
> 512 bits, and for DH keys, 1023 bits. This was done as part of a security
> fix for Bug 1138554 / CVE-2015-4000. Applications that requested or
> attempted to use keys smaller then the minimum size would fail. However,
> this change in behaviour unintentionally broke existing NSS applications
> that need to generate or use such keys, via APIs such as
> SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.
>
> In NSS 3.19.2, this change in freebl behaviour has been reverted. The fix
> for Bug 1138554 has been moved to libssl, and will now only affect the
> minimum keystrengths used in SSL/TLS.
>
>
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes
>
> In addition to this release, the release notes for NSS 3.19 and NSS 3.19.1
> have been updated to highlight that both releases contain important
> security fixes - CVE-2015-2721 in NSS 3.19, CVE-2015-4000 in NSS 3.19.1.
>
> The updated release notes for NSS 3.19 are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19_release_notes
>
> The updated release notes for NSS 3.19.1 are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
>
>
> The HG tag for NSS 3.19.2 is NSS_3_19_2_RTM. NSS 3.19.2 requires NSPR
> 4.10.8 or newer.
>
> NSS 3.19.2 source distributions are available on ftp.mozilla.org for
> secure HTTPS download:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/
>
> A complete list of all bugs resolved in this release can be obtained at
> https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.19.2
very nice. But can you tell me, when JSS will be optimized and ported to a
newer version of NSS? JSS is at the moment not usable :(
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto