The NSS team has released Network Security Services (NSS) 3.27.1. This is a patch release to address a TLS compatibility issue that some applications experienced with NSS 3.27.
Notable Changes: Availability of the TLS 1.3 (draft) implementation has been re-disabled in the default build. Previous versions of NSS made TLS 1.3 (draft) available only when compiled with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the maximum version used by default remained TLS 1.2. However, some applications query the list of protocol versions that are supported by the NSS library, and enable all supported TLS protocol versions. Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused those applications to enable TLS 1.3 (draft). This resulted in connectivity failures, as some TLS servers are version 1.3 intolerant, and failed to negotiate an earlier TLS version with NSS 3.27 clients. NSS 3.27.1 once again requires NSS_ENABLE_TLS_1_3 to be set to enable TLS 1.3 (draft). ( https://bugzilla.mozilla.org/show_bug.cgi?id=1306985 ) The full release notes are available at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27.1_release_notes The HG tag is NSS_3_27_1_RTM. NSS 3.27.1 requires NSPR 4.13 or newer. NSS 3.27.1 source distributions are available for secure download: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_27_1_RTM/src/ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto