.. _mozilla_projects_nss_nss_3_24_release_notes:

NSS 3.24 release notes
======================

`Introduction <#introduction>`__
--------------------------------

.. container::

   The Network Security Services (NSS) team has released NSS 3.24, which is a minor release.

.. _distribution_information:

`Distribution information <#distribution_information>`__
--------------------------------------------------------

.. container::

   The hg tag is NSS_3_24_RTM. NSS 3.24 requires Netscape Portable Runtime (NSPR) 4.12 or newer.

   NSS 3.24 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   -  Source tarballs:
      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_24_RTM/src/

.. _new_in_nss_3.24:

`New in NSS 3.24 <#new_in_nss_3.24>`__
--------------------------------------

.. container::

   NSS 3.24 includes two NSS softoken updates, a new function to configure SSL/TLS server sockets,
   and two functions to improve the use of temporary arenas.

.. _new_functionality:

`New functionality <#new_functionality>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. container::

   -  NSS softoken has been updated with the latest National Institute of Standards and Technology
      (NIST) guidance (as of 2015):

      -  Software integrity checks and power-on self-test (POST) functions can be executed when the
         shared library is loaded. These checks are disabled by default because they slow down
         library loading; to enable them, define the symbol NSS_FORCE_FIPS when building NSS.
      -  Counter mode and Galois/Counter Mode (GCM) now check that the block counter cannot
         overflow, since a wrapped counter would repeat keystream under the same key and nonce.
      -  Additional critical security parameters (CSPs) are zeroed in the code.
      -  NSS softoken follows new guidance on how many Rabin-Miller rounds are needed to verify a
         candidate prime, with the number of rounds chosen according to the size of the prime.

   -  NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This
      mode is triggered by setting the database password to the empty string. In FIPS mode, you may
      move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse.
   -  An SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a
      certificate and private key. Use this new function in place of SSL_ConfigSecureServer,
      SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
      SSL_SetSignedCertTimestamps. SSL_ConfigServerCert determines the certificate type from the
      certificate and private key themselves, so the caller no longer selects a "slot" with an
      SSLKEAType value (which named a key agreement type rather than a certificate type, and so
      identified the certificate incorrectly). Separate functions for configuring Online
      Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed,
      since these can be supplied in the optional SSLExtraServerCertData struct passed to
      SSL_ConfigServerCert. Partial support for RSA Probabilistic Signature Scheme (RSA-PSS)
      certificates has also been added: such certificates can be configured, but NSS will not use
      them in this version.
   -  For functions that use temporary arenas, allocating a PORTCheapArenaPool on the stack is
      faster than allocating a PLArenaPool on the heap. Rather than declaring a PLArenaPool pointer
      and calling PORT_NewArena/PORT_FreeArena to allocate and free an instance on the heap, declare
      a PORTCheapArenaPool on the stack and use PORT_InitCheapArena/PORT_DestroyCheapArena to
      initialize and destroy it. Items allocated from the arena are still created on the heap; only
      the arena structure itself is stack-allocated. Note: this approach is only appropriate when
      the arena's use is tightly bounded, for example to a single function, because the pool must
      not outlive the stack frame that holds it, and PORT_DestroyCheapArena must run on every exit
      path so that the heap allocations the pool tracks are released.
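
As an added example for the counter-overflow check listed above (illustrative code written for these notes, not NSS's own ctr.c or gcm.c), the block below shows the bookkeeping a CTR or GCM implementation needs before it keystreams another block: it reads the counter field of the 16-byte counter block, reports how many blocks remain before that field wraps, and refuses an update that would wrap it, since a wrapped counter repeats keystream under the same key and nonce. For GCM with a 96-bit IV the first data block is encrypted under inc32(J0), counter value 2, which is where the limit of 2^32 - 2 blocks (the NIST SP 800-38D bound of 2^39 - 256 plaintext bits) comes from. The ctr_state type, the function names and the initial counter block are all constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define CTR_BLOCK_SIZE 16

/* Illustrative counter state for the example; not an NSS type.  The block is
 * nonce || counter, with the counter big-endian in its low `counter_bytes` bytes. */
typedef struct {
    uint8_t block[CTR_BLOCK_SIZE];
    unsigned counter_bytes; /* 4 for GCM (32-bit counter); 1..8 supported here */
    int exhausted;          /* set once the counter field has wrapped to zero */
} ctr_state;

/* Read the counter field as an integer. */
static uint64_t ctr_value(const ctr_state *s)
{
    uint64_t v = 0;
    unsigned i;
    for (i = CTR_BLOCK_SIZE - s->counter_bytes; i < CTR_BLOCK_SIZE; i++)
        v = (v << 8) | s->block[i];
    return v;
}

/* Write an integer into the counter field, big-endian, truncated to its width. */
static void ctr_set_value(ctr_state *s, uint64_t v)
{
    unsigned i;
    for (i = CTR_BLOCK_SIZE; i > CTR_BLOCK_SIZE - s->counter_bytes; i--) {
        s->block[i - 1] = (uint8_t)(v & 0xff);
        v >>= 8;
    }
}

/* Start from an initial counter block.  Returns -1 for an unsupported width. */
static int ctr_init(ctr_state *s, const uint8_t iv[CTR_BLOCK_SIZE], unsigned counter_bytes)
{
    if (counter_bytes < 1 || counter_bytes > 8)
        return -1;
    memcpy(s->block, iv, CTR_BLOCK_SIZE);
    s->counter_bytes = counter_bytes;
    s->exhausted = 0;
    return 0;
}

/* Keystream blocks left before the counter field wraps.  A wrap repeats counter
 * values, i.e. reuses keystream under the same key and nonce. */
static uint64_t ctr_blocks_left(const ctr_state *s)
{
    if (s->exhausted)
        return 0;
    if (s->counter_bytes == 8)            /* 2^64 does not fit; one short is safe */
        return UINT64_MAX - ctr_value(s);
    return (1ULL << (8 * s->counter_bytes)) - ctr_value(s);
}

/* Account for `inlen` input bytes.  Rejects the call, leaving the state untouched,
 * if it needs more keystream blocks than the counter can still supply. */
static int ctr_advance(ctr_state *s, uint64_t inlen)
{
    uint64_t nblocks = inlen / CTR_BLOCK_SIZE + (inlen % CTR_BLOCK_SIZE != 0);
    uint64_t left = ctr_blocks_left(s);
    if (nblocks > left)
        return -1;
    if (nblocks == left)
        s->exhausted = 1;                 /* field wraps to zero after this call */
    ctr_set_value(s, ctr_value(s) + nblocks);
    return 0;
}

/* GCM with a 96-bit IV: J0 = IV || 0x00000001 and the first data block uses
 * inc32(J0), counter value 2, so 2^32 - 2 blocks fit (NIST's 2^39 - 256 bits).
 * Returns the first failing stage, or 0 if every check behaves as expected. */
static int gcm_counter_demo(void)
{
    /* Constructed initial block for the example, not a real nonce. */
    static const uint8_t inc32_j0[CTR_BLOCK_SIZE] = {
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
        0x00, 0x00, 0x00, 0x02
    };
    const uint64_t max_blocks = 0xFFFFFFFFULL - 1; /* 2^32 - 2 */
    ctr_state s;

    if (ctr_init(&s, inc32_j0, 4) != 0)                              return 1;
    if (ctr_blocks_left(&s) != max_blocks)                           return 2;
    /* One byte over the limit is rejected and the state is unchanged. */
    if (ctr_advance(&s, max_blocks * CTR_BLOCK_SIZE + 1) != -1)      return 3;
    if (ctr_value(&s) != 2)                                          return 4;
    /* Five full blocks plus a partial sixth consume six counter values. */
    if (ctr_advance(&s, 5 * CTR_BLOCK_SIZE + 3) != 0)                return 5;
    if (ctr_value(&s) != 8)                                          return 6;
    /* Exactly the remaining capacity is accepted; after that nothing is. */
    if (ctr_advance(&s, ctr_blocks_left(&s) * CTR_BLOCK_SIZE) != 0)  return 7;
    if (ctr_advance(&s, 1) != -1)                                    return 8;
    return 0;
}
```

The length check runs before any block is processed, so a rejected call leaves the counter untouched and the caller can fail the operation cleanly instead of discovering the wrap halfway through a buffer. The same structure serves full-width CTR (counter_bytes up to 8 here); only the width of the counter field changes.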

.. _new_elements:

`New elements <#new_elements>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. container::

   This section lists and briefly describes the new functions, types, and macros in NSS 3.24.

   .. rubric:: New functions
      :name: new_functions

   -  *In ssl.h*

      -  SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate, private key, and
         other information.

   -  *In secport.h*

      -  PORT_InitCheapArena - Initializes an arena that was created on the stack. (See
         PORTCheapArenaPool.)
      -  PORT_DestroyCheapArena - Destroys an arena that was created on the stack. (See
         PORTCheapArenaPool.)

   .. rubric:: New types
      :name: new_types

   -  *In sslt.h*

      -  SSLExtraServerCertData - Optionally passed as an argument to SSL_ConfigServerCert. This
         struct contains supplementary information about a certificate, such as the intended type of
         the certificate, stapled OCSP responses, or Signed Certificate Timestamps (used for
         `certificate transparency <https://datatracker.ietf.org/doc/html/rfc6962>`__).

   -  *In secport.h*

      -  PORTCheapArenaPool - A stack-allocated arena pool, to be used for temporary arena
         allocations.

   .. rubric:: New macros
      :name: new_macros

   -  *In pkcs11t.h*

      -  CKM_TLS12_MAC

   -  *In secoidt.h*

      -  SEC_OID_TLS_ECDHE_PSK - This OID governs the use of the
         TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is used only for session
         resumption in TLS 1.3.

.. _notable_changes_in_nss_3.24:

`Notable changes in NSS 3.24 <#notable_changes_in_nss_3.24>`__
--------------------------------------------------------------

.. container::

   Additions, deprecations, and other changes in NSS 3.24 are listed below.

   -  Deprecate the following functions. (Applications should instead use the new
      SSL_ConfigServerCert function.)

      -  SSL_SetStapledOCSPResponses
      -  SSL_SetSignedCertTimestamps
      -  SSL_ConfigSecureServer
      -  SSL_ConfigSecureServerWithCertChain

   -  Deprecate the NSS_FindCertKEAType function, as it reports a misleading value for certificates
      that might be used for signing rather than key exchange.
   -  Update SSLAuthType to define a larger number of authentication key types.
   -  Deprecate the member attribute **authAlgorithm** of type SSLCipherSuiteInfo. Instead,
      applications should use the newly added attribute **authType**.
   -  Rename ssl_auth_rsa to ssl_auth_rsa_decrypt.
   -  Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH.
   -  Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible
      client hello. However, the server-side implementation of the SSL/TLS protocol still supports
      processing of received v2-compatible client hello messages.
   -  Disable by default, in optimized builds, the logging of SSL/TLS key material to the file named
      by the SSLKEYLOGFILE environment variable. Because anyone who can set that variable for a
      process can then recover its session keys, the feature is now opt-in for production builds: to
      enable it in optimized builds, define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS.
   -  Update NSS to protect it against the Cachebleed attack, a cache-bank timing side channel
      against RSA modular exponentiation.
   -  Disable support for DTLS compression.
   -  Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is
      experimental and not suitable for production use.
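
Because the server side still parses v2-compatible client hellos, anyone monitoring or probing a TLS listener needs to recognise that framing, which does not look like a TLS record. The following parser is an added example written for these notes, not NSS code: it implements the V2ClientHello layout from RFC 5246 Appendix E.2, validates the three length fields against the record length before trusting them, and separates the TLS cipher suites (first byte zero) from SSL 2.0-only cipher kinds, which a TLS server has to ignore. The sample hello and the TLS record used for contrast are constructed for the example, and the struct and function names are illustrative.

```c
#include <stdint.h>
#include <string.h>

#define V2_MAX_CIPHERS 64

/* Illustrative parse result for the example; not an NSS type. */
typedef struct {
    uint16_t version;               /* highest version offered, e.g. 0x0303 */
    size_t num_ciphers, challenge_len;
    uint8_t ciphers[V2_MAX_CIPHERS][3];
    const uint8_t *challenge;       /* points into the caller's buffer */
} v2_client_hello;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* A v2-compatible ClientHello starts with the two-byte SSL 2.0 record header (high bit
 * set) and message type 1; a TLS record starts with a content type such as 0x16. */
static int looks_like_v2_client_hello(const uint8_t *buf, size_t len)
{
    return len >= 3 && (buf[0] & 0x80) != 0 && buf[2] == 0x01;
}

/* Parse the V2ClientHello layout of RFC 5246 Appendix E.2.  Returns 0 on success or
 * -1 if the message is truncated, internally inconsistent, or not a v2 hello. */
static int parse_v2_client_hello(const uint8_t *buf, size_t len, v2_client_hello *out)
{
    size_t msg_len, cs_len, sid_len, ch_len, i;
    const uint8_t *p = buf + 2;                    /* p[0] is the message type */
    if (!looks_like_v2_client_hello(buf, len))
        return -1;
    msg_len = (size_t)(((buf[0] & 0x7f) << 8) | buf[1]);
    if (msg_len < 9 || len < 2 + msg_len)          /* truncated record */
        return -1;
    out->version = be16(p + 1);
    cs_len = be16(p + 3);
    sid_len = be16(p + 5);
    ch_len = be16(p + 7);
    /* Lengths must add up exactly; specs are 3 bytes each; challenge is 16..32 bytes. */
    if (9 + cs_len + sid_len + ch_len != msg_len || cs_len % 3 != 0 ||
        cs_len / 3 > V2_MAX_CIPHERS || ch_len < 16 || ch_len > 32)
        return -1;
    p += 9;
    out->num_ciphers = cs_len / 3;
    for (i = 0; i < out->num_ciphers; i++)
        memcpy(out->ciphers[i], p + 3 * i, 3);
    out->challenge_len = ch_len;
    out->challenge = p + cs_len + sid_len;         /* session id (if any) precedes it */
    return 0;
}

/* TLS suites are {0x00, hi, lo}; a nonzero first byte is an SSL 2.0 cipher kind
 * (e.g. 01 00 80 = SSL_CK_RC4_128_WITH_MD5), which a TLS server must ignore. */
static size_t count_sslv2_only_ciphers(const v2_client_hello *h)
{
    size_t i, n = 0;
    for (i = 0; i < h->num_ciphers; i++)
        if (h->ciphers[i][0] != 0x00)
            n++;
    return n;
}

/* Constructed sample: a v2-compatible hello offering TLS 1.0 with four TLS suites
 * and one SSL 2.0-only cipher kind. */
static const uint8_t sample_v2_hello[] = {
    0x80, 0x28,             /* two-byte header, high bit set, 40-byte body */
    0x01,                   /* CLIENT-HELLO */
    0x03, 0x01,             /* version: TLS 1.0 */
    0x00, 0x0f,             /* cipher_spec_length = 15 (five 3-byte specs) */
    0x00, 0x00,             /* session_id_length = 0 */
    0x00, 0x10,             /* challenge_length = 16 */
    0x00, 0x00, 0x2f,       /* TLS_RSA_WITH_AES_128_CBC_SHA */
    0x00, 0x00, 0x35,       /* TLS_RSA_WITH_AES_256_CBC_SHA */
    0x01, 0x00, 0x80,       /* SSL_CK_RC4_128_WITH_MD5 (SSL 2.0 only) */
    0x00, 0x00, 0x0a,       /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
    0x00, 0x00, 0x04,       /* TLS_RSA_WITH_RC4_128_MD5 */
    0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8,   /* 16-byte challenge */
    0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0
};

/* Constructed TLS 1.2 record header (content type 0x16, empty body), for contrast. */
static const uint8_t sample_tls_record[] = { 0x16, 0x03, 0x03, 0x00, 0x00 };

/* Runs the samples through the parser.  Returns the first failing stage, or 0. */
static int v2_hello_demo(void)
{
    v2_client_hello h;
    uint8_t mutated[sizeof sample_v2_hello];
    if (parse_v2_client_hello(sample_v2_hello, sizeof sample_v2_hello, &h) != 0)      return 1;
    if (h.version != 0x0301 || h.num_ciphers != 5)                                   return 2;
    if (count_sslv2_only_ciphers(&h) != 1 || h.challenge_len != 16 || h.challenge[0] != 0xa1) return 3;
    /* Truncated by one byte: rejected before any field is trusted. */
    if (parse_v2_client_hello(sample_v2_hello, sizeof sample_v2_hello - 1, &h) != -1) return 4;
    /* cipher_spec_length not a multiple of 3, with the total length kept consistent. */
    memcpy(mutated, sample_v2_hello, sizeof mutated);
    mutated[6] = 0x10; mutated[10] = 0x0f;       /* cipher_spec_length 16, challenge_length 15 */
    if (parse_v2_client_hello(mutated, sizeof mutated, &h) != -1)                    return 5;
    if (looks_like_v2_client_hello(sample_tls_record, sizeof sample_tls_record))     return 6;
    return 0;
}
```

On the wire the give-away is the first byte: a v2-compatible hello has its high bit set (the two-byte SSL 2.0 record header), while every TLS record begins with a content type below 0x80. A client that still sends this format cannot carry TLS extensions such as SNI or signature_algorithms, so seeing it from anything other than a deliberately legacy client is worth a closer look.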

.. _bugs_fixed_in_nss_3.24:

`Bugs fixed in NSS 3.24 <#bugs_fixed_in_nss_3.24>`__
----------------------------------------------------

.. container::

   This Bugzilla query returns all the bugs fixed in NSS 3.24:

   https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.24

`Acknowledgements <#acknowledgements>`__
----------------------------------------

.. container::

   The NSS development team would like to thank Yuval Yarom for responsibly disclosing the
   Cachebleed attack by providing advance copies of their research.

`Compatibility <#compatibility>`__
----------------------------------

.. container::

   NSS 3.24 shared libraries are backward-compatible with all older NSS 3.x shared libraries. A
   program linked with older NSS 3.x shared libraries will work with NSS 3.24 shared libraries
   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
   to the functions listed in NSS Public Functions will remain compatible with future versions of
   the NSS shared libraries.

`Feedback <#feedback>`__
------------------------

.. container::

   Bugs discovered should be reported by filing a bug report with
   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).