.. _mozilla_projects_nss_nss_3_47_release_notes:
NSS 3.47 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::

   The NSS team has released Network Security Services (NSS) 3.47 on **18 October 2019**, which is a
   minor release.

   The NSS team would like to recognize first-time contributors:

   - Christian Weisgerber
   - Deian Stefan
   - Jenine

`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::

   The HG tag is NSS_3_47_RTM. NSS 3.47 requires NSPR 4.23 or newer.

   NSS 3.47 source distributions are available on ftp.mozilla.org for secure HTTPS download:

   - Source tarballs:

   Other releases are available :ref:`mozilla_projects_nss_nss_releases`.

.. _upcoming_changes_to_default_tls_configuration:
`Upcoming changes to default TLS configuration <#upcoming_changes_to_default_tls_configuration>`__
--------------------------------------------------------------------------------------------------
.. container::

   The NSS team plans to make two changes to the default TLS configuration in NSS 3.48, which
   will be released in early December:

details.
by default, where possible. See `Bug
.. _notable_changes_in_nss_3.47:
`Notable Changes in NSS 3.47 <#notable_changes_in_nss_3.47>`__
--------------------------------------------------------------
.. container::
acceleration on ARMv8
run-time ordering of the cipher suites presented in ClientHello
and PKCS #11 libraries
.. _bugs_fixed_in_nss_3.47:
`Bugs fixed in NSS 3.47 <#bugs_fixed_in_nss_3.47>`__
----------------------------------------------------
.. container::
padding removal constant time
tests
distrust certificates issued after a certain date for a specified root cert
in tls13con.c
definitions for issuerUniqueID and subjectUniqueID shouldn't have the CONSTRUCTED bit set
acceleration on ARMv8
schemes for TLS 1.3
PK11_ImportAndReturnPrivateKey does not store nickname for EC keys
conditional in pki3hack, pk11load and stanpcertdb
and param length before casting to mechanism-specific structs
RFC maximum) HKDF outputs
from sftk_FreeSession (CVE-2019-11756)
in tstclnt and selfserv
utility "derdump"
verification not constant time
sizes for CKM_AES_GCM
encrypting with SEED_CBC
records with large padding with SHA384 HMAC
nested S/MIME test messages for Thunderbird
used to test NSPR changes
selecting the order of cipher suites in ClientHello
expression in test scripts
1242852] unused values
aarch64_be while building freebl/gcm
part of NSS continuous integration
OpenBSD/arm64 after bug #1559012
mach-completion
clang scanners.
signature algorithms to known algorithms
self-test on entropy source
disable LSAN while building
NSS make; Add gyp parameters to build/run NSPR tests
for Thunderbird
trying to export non-existent cert with pk12util
decrement nullptr.
style for pk11_find_certs_unittest.cc
and PKCS #11 libraries
for signatureAlgorithm field of signerInfo in CMS for DSA and ECDSA
from mingw NSS build.
PK11_GetCertsFromPrivateKey to return all certificates with public keys matching a particular
private key
This Bugzilla query returns all the bugs fixed in NSS 3.47:
`Compatibility <#compatibility>`__
----------------------------------
.. container::

   NSS 3.47 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
   program linked with older NSS 3.x shared libraries will work with NSS 3.47 shared libraries
   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
   to the functions listed in NSS Public Functions will remain compatible with future versions of
   the NSS shared libraries.

`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report with