Source code
Revision control
Copy as Markdown
Other Tools
.. _mozilla_projects_nss_nss_3_52_release_notes:
NSS 3.52 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
The NSS team has released Network Security Services (NSS) 3.52 on **1 May 2020**.
The NSS team would like to recognize first-time contributors:
- zhujianwei7
- Hans Petter Jansson
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_52_RTM. NSS 3.52 requires NSPR 4.25 or newer.
NSS 3.52 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
Other releases are available :ref:`mozilla_projects_nss_nss_releases`.
.. _notable_changes_in_nss_3.52:
`Notable Changes in NSS 3.52 <#notable_changes_in_nss_3.52>`__
--------------------------------------------------------------
.. container::
PKCS #11 v3.0.
- Note: This change modifies the CK_GCM_PARAMS struct to include the ulIvBits field which,
prior to PKCS #11 v3.0, was ambiguously defined and not included in the NSS definition. If
an application is recompiled with NSS 3.52+, this field must be initialized to a value
corresponding to ulIvLen. Alternatively, defining NSS_PKCS11_2_0_COMPAT will yield the old
definition. See the bug for more information.
v3.0 Message Interface for AES-GCM and ChaChaPoly.
ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.
.. _bugs_fixed_in_nss_3.52:
`Bugs fixed in NSS 3.52 <#bugs_fixed_in_nss_3.52>`__
----------------------------------------------------
.. container::
'getauxval' error on iOS compilation.
functions for FIPS.
MSVC builds not producing debug symbol files.
KDF.
initialize policy before NSS is initialized.
session objects in ckfw.
functions to module debug logger.
generation of fuzz32 docker image after updates.
declaration of function 'getopt' error.
gcm-arm32-neon on non-armv7 architectures.
in Firefox Android.
CK_FUNCTION_LIST structs to be packed.
unknown argument '-msse4'.
v3.0 Message Interface for AES-GCM and ChaChaPoly.
querying Extended Features.
in lowhashtest.
NSS_DISABLE_GCM_ARM32_NEON to build on arm32 without NEON support.
to include both DTLS and TLS versions in DTLS supported_versions.
1.3 is not experimental anymore.
ssl_ParseSessionTicket.
behavior in SSL_ParseSessionTicket.
Credentials implementation to draft-07.
dependencies for libintvector.h
accelerated SHA2 for POWER 8+.
ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*.
C_GetAttributeValue semantics on attributes that lack NSS database columns.
test vectors.
handling of KI_len.
NULL slot/session.
pollution from sdb_measureAccess().
PKCS #11 v3.0.
in FIPS mode.
assertion when evicting a cached sessionID or using external cache.
testlib makefile build produced extraneous object files.
multi-block SEED ECB inputs.
of NSSCMSSignedData.signerInfo to avoid a CMS crash
validation: CN treated as DNS name even when syntactically invalid as DNS name
This Bugzilla query returns all the bugs fixed in NSS 3.52:
`Compatibility <#compatibility>`__
----------------------------------
.. container::
NSS 3.52 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
program linked with older NSS 3.x shared libraries will work with NSS 3.52 shared libraries
without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
to the functions listed in NSS Public Functions will remain compatible with future versions of
the NSS shared libraries.
`Feedback <#feedback>`__
------------------------
.. container::
Bugs discovered should be reported by filing a bug report with