The NSS Development Team announces the release of NSS 3.17.3. Network Security Services (NSS) 3.17.3 is a patch release for NSS 3.17.
New functionality: * Support for TLS_FALLBACK_SCSV has been added to the ssltap and tstclnt utilities Notable Changes: * The QuickDER decoder now decodes lengths robustly (CVE-2014-1569) * The following 1024-bit CA certificates were Removed: - GTE CyberTrust Global Root - Thawte Server CA - Thawte Premium Server CA - America Online Root Certification Authority 1 - America Online Root Certification Authority 2 * The following CA certificates had the Websites and Code Signing trust bits turned off: - Class 3 Public Primary Certification Authority - G2 - Equifax Secure eBusiness CA-1 * The following CA certificates were Added: - COMODO RSA Certification Authority - USERTrust RSA Certification Authority - USERTrust ECC Certification Authority - GlobalSign ECC Root CA - R4 - GlobalSign ECC Root CA - R5 * The version number of the updated root CA list has been set to 2.2 The full release notes, including further details and the SHA1 fingerprints of the changed CA certificates, are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.3_release_notes The HG tag is NSS_3_17_3_RTM. NSS 3.17.3 requires NSPR 4.10.7 or newer. NSS 3.17.3 source distributions are also available on ftp.mozilla.org for secure HTTPS download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_3_RTM/src/ A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.17.3&product=NSS -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto