Documentation: Release notes for NSS 3.88

2 files changed, 100 insertions, 13 deletions

diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst
index cdc04e626..df409423e 100644
--- a/doc/rst/releases/index.rst
+++ b/doc/rst/releases/index.rst
@@ -8,6 +8,7 @@ Releases
    :glob:
    :hidden:
 
+   nss_3_88.rst
    nss_3_87.rst
    nss_3_86.rst
    nss_3_85.rst
@@ -46,8 +47,8 @@ Releases
 
 .. note::
 
-   **NSS 3.87** is the latest version of NSS.
-   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_87_release_notes`
+   **NSS 3.88** is the latest version of NSS.
+   Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_88_release_notes`
 
    **NSS 3.79.2** is the latest ESR version of NSS.
    Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_79_2_release_notes`
@@ -55,15 +56,24 @@ Releases
 
 .. container::
 
-   Changes in 3.87 included in this release:
+   Changes in 3.88 included in this release:
 
-   - Bug 1803226 - NULL password encoding incorrect.
-   - Bug 1804071 - Fix rng stub signature for fuzzing builds.
-   - Bug 1803595 - Updating the compiler parsing for build.
-   - Bug 1749030 - Modification of supported compilers.
-   - Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database.
-   - Bug 1751707 - Add configuration option to enable source-based coverage sanitizer.
-   - Bug 1751705 - Update ECCKiila generated files.
-   - Bug 1730353 - Add support for the LoongArch 64-bit architecture.
-   - Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later.
-   - Bug 1798823 - Additional zero-length RSA modulus checks.
\ No newline at end of file
+   - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests 
+   - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. 
+   - Bug 1790357: ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup.
+   - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. 
+   - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test.
+   - Bug 1771100 - Added Bogo ECH rejection test support.
+   - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. 
+   - Bug 1747957 - RSA OAEP Wycheproof JSON
+   - Bug 1747957 - RSA decrypt Wycheproof JSON
+   - Bug 1747957 - ECDSA Wycheproof JSON
+   - Bug 1747957 - ECDH Wycheproof JSON
+   - Bug 1747957 - PKCS#1v1.5 wycheproof json
+   - Bug 1747957 - Use X25519 wycheproof json
+   - Bug 1766767 - Move scripts to python3
+   - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz.
+   - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) 
+   - Bug 1804091 NSS needs to move off of DSA for integrity checks
+   - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust
+   - Bug 1806369 - Don't clone libFuzzer, rely on clang instead
\ No newline at end of file
diff --git a/doc/rst/releases/nss_3_88.rst b/doc/rst/releases/nss_3_88.rst
new file mode 100644
index 000000000..a1cd06789
--- /dev/null
+++ b/doc/rst/releases/nss_3_88.rst
@@ -0,0 +1,77 @@
+.. _mozilla_projects_nss_nss_3_88_release_notes:
+
+NSS 3.88 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.88 was released on **26 January 2023**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer.
+
+   NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.88:
+
+`Changes in NSS 3.88 <#changes_in_nss_3.88>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests 
+   - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. 
+   - Bug 1790357: ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup.
+   - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. 
+   - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test.
+   - Bug 1771100 - Added Bogo ECH rejection test support.
+   - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. 
+   - Bug 1747957 - RSA OAEP Wycheproof JSON
+   - Bug 1747957 - RSA decrypt Wycheproof JSON
+   - Bug 1747957 - ECDSA Wycheproof JSON
+   - Bug 1747957 - ECDH Wycheproof JSON
+   - Bug 1747957 - PKCS#1v1.5 wycheproof json
+   - Bug 1747957 - Use X25519 wycheproof json
+   - Bug 1766767 - Move scripts to python3
+   - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz.
+   - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) 
+   - Bug 1804091 NSS needs to move off of DSA for integrity checks
+   - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust
+   - Bug 1806369 - Don't clone libFuzzer, rely on clang instead
+
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).