The NSS team has released Network Security Services (NSS) 3.32, which is a minor release.
Below is a summary of the changes. Please refer to the full release notes for additional details, including the SHA256 fingerprints of the changed CA certificates. https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.32_release_notes Notable Changes: ================ * Various minor improvements and correctness fixes. * The Code Signing trust bit was turned off for all included root certificates. * The Websites (TLS/SSL) trust bit was turned off for the following root certificates: - CN = AddTrust Class 1 CA Root - CN = Swisscom Root CA 2 * The following CA certificates were Removed: - CN = AddTrust Public CA Root - CN = AddTrust Qualified CA Root - CN = China Internet Network Information Center EV Certificates Root - CN = CNNIC ROOT - CN = ComSign Secured CA - CN = GeoTrust Global CA 2 - CN = Secure Certificate Services - CN = Swisscom Root CA 1 - CN = Swisscom Root EV CA 2 - CN = Trusted Certificate Services - CN = UTN-USERFirst-Hardware - CN = UTN-USERFirst-Object The HG tag is NSS_3_32_RTM. NSS 3.32 requires NSPR 4.16 or newer. NSS 3.32 source distributions are available for secure download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_32_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.32 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto