Revisions of mozilla-nss
Yuchen Lin (maxlin_factory)
accepted
request 429418
from
Wolfgang Rosenauer (wrosenauer)
(revision 9)
- update to NSS 3.25
New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2,
NSS only supported certificate_verify messages that used the same
signature hash algorithm as used by the PRF. This limitation has
been removed.
* Several functions have been added to the public API of the
NSS Cryptoki Framework.
New functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle
Notable changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3
* Regression fix: NSS no longer reports a failure if an application
attempts to disable the SSLv2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
Sonera Class1 CA
* The following CA certificates were Added
Hellenic Academic and Research Institutions RootCA 2015
Hellenic Academic and Research Institutions ECC RootCA 2015
Certplus Root CA G1
Certplus Root CA G2
OpenTrust Root CA G1
OpenTrust Root CA G2
Ludwig Nussel (lnussel_factory)
accepted
request 417034
from
Wolfgang Rosenauer (wrosenauer)
(revision 8)
- also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236)
- update to NSS 3.24
New functionality:
* NSS softoken has been updated with the latest National Institute
of Standards and Technology (NIST) guidance (as of 2015):
- Software integrity checks and POST functions are executed on
shared library load. These checks have been disabled by default,
as they can cause a performance regression. To enable these
checks, you must define symbol NSS_FORCE_FIPS when building NSS.
- Counter mode and Galois/Counter Mode (GCM) have checks to
prevent counter overflow.
- Additional CSPs are zeroed in the code.
- NSS softoken uses new guidance for how many Rabin-Miller tests
are needed to verify a prime based on prime size.
* NSS softoken has also been updated to allow NSS to run in FIPS
Level 1 (no password). This mode is triggered by setting the
database password to the empty string. In FIPS mode, you may move
from Level 1 to Level 2 (by setting an appropriate password),
but not the reverse.
* A SSL_ConfigServerCert function has been added for configuring
SSL/TLS server sockets with a certificate and private key. Use
this new function in place of SSL_ConfigSecureServer,
SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses,
and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically
determines the certificate type from the certificate and private key.
The caller is no longer required to use SSLKEAType explicitly to
select a "slot" into which the certificate is configured (which
incorrectly identifies a key agreement type rather than a certificate).
Separate functions for configuring Online Certificate Status Protocol
Ludwig Nussel (lnussel_factory)
accepted
request 401904
from
Ludwig Nussel (lnussel)
(revision 7)
Automatic request from openSUSE:Leap:42.1:Update by UpdateCrawler
Ludwig Nussel (lnussel_factory)
accepted
request 394406
from
Ludwig Nussel (lnussel)
(revision 6)
Automatic request from openSUSE:Leap:42.1:Update by UpdateCrawler
Ludwig Nussel (lnussel_factory)
accepted
request 392556
from
Ludwig Nussel (lnussel)
(revision 5)
Automatic request from openSUSE:Leap:42.1:Update by UpdateCrawler
Stephan Kulow (coolo)
accepted
request 336174
from
Stephan Kulow (coolo)
(revision 3)
Automatic request from openSUSE:Factory by UpdateCrawler
Stephan Kulow (coolo)
committed
(revision 1)
osc copypac from project:openSUSE:Factory package:mozilla-nss revision:4f376ffbbf80718f3f7d67906b795615, using expand
Displaying all 11 revisions
