1.. _mozilla_projects_nss_nss_3_30_release_notes: 2 3NSS 3.30 release notes 4====================== 5 6`Introduction <#introduction>`__ 7-------------------------------- 8 9.. container:: 10 11 The Network Security Services (NSS) team has released NSS 3.30, which is a minor release. 12 13.. _distribution_information: 14 15`Distribution information <#distribution_information>`__ 16-------------------------------------------------------- 17 18.. container:: 19 20 The hg tag is NSS_3_30_RTM. NSS 3.30 requires Netscape Portable Runtime (NSPR); 4.13.1 or newer. 21 22 NSS 3.30 source distributions are available on ftp.mozilla.org for secure HTTPS download: 23 24 - Source tarballs: 25 https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_30_RTM/src/ 26 27.. _new_in_nss_3.30: 28 29`New in NSS 3.30 <#new_in_nss_3.30>`__ 30-------------------------------------- 31 32.. container:: 33 34.. _new_functionality: 35 36`New Functionality <#new_functionality>`__ 37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 38 39.. container:: 40 41 - In the PKCS#11 root CA module (nssckbi), CAs with positive trust are marked with a new boolean 42 attribute, CKA_NSS_MOZILLA_CA_POLICY, set to true. Applications that need to distinguish them 43 from other root CAs, may use the exported function PK11_HasAttributeSet. 44 - Support for callback functions that can be used to monitor SSL/TLS alerts that are sent or 45 received. 46 47 .. rubric:: New Functions 48 :name: new_functions 49 50 - *in cert.h* 51 52 - **CERT_CompareAVA** - performs a comparison of two CERTAVA structures, and returns a 53 SECComparison result. 54 55 - *in pk11pub.h* 56 57 - **PK11_HasAttributeSet** - allows to check if a PKCS#11 object in a given slot has a 58 specific boolean attribute set. 59 60 - *in ssl.h* 61 62 - **SSL_AlertReceivedCallback** - register a callback function, that will be called whenever 63 an SSL/TLS alert is received 64 - **SSL_AlertSentCallback** - register a callback function, that will be called whenever an 65 SSL/TLS alert is sent 66 - **SSL_SetSessionTicketKeyPair** - configures an asymmetric key pair, for use in wrapping 67 session ticket keys, used by the server. This function currently only accepts an RSA 68 public/private key pair. 69 70 .. rubric:: New Macros 71 :name: new_macros 72 73 - *in ciferfam.h* 74 75 - **PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256** - cipher family identifiers 76 corresponding to the PKCS#5 v2.1 AES based encryption schemes used in the PKCS#12 support 77 in NSS 78 79 - *in pkcs11n.h* 80 81 - **CKA_NSS_MOZILLA_CA_POLICY** - identifier for a boolean PKCS#11 attribute, that should be 82 set to true, if a CA is present because of it's acceptance according to the Mozilla CA 83 Policy 84 85.. _notable_changes_in_nss_3.30: 86 87`Notable Changes in NSS 3.30 <#notable_changes_in_nss_3.30>`__ 88-------------------------------------------------------------- 89 90.. container:: 91 92 - The TLS server code has been enhanced to support session tickets when no RSA certificate (e.g. 93 only an ECDSA certificate) is configured. 94 - RSA-PSS signatures produced by key pairs with a modulus bit length that is not a multiple of 8 95 are now supported. 96 - The pk12util tool now supports importing and exporting data encrypted in the AES based schemes 97 defined in PKCS#5 v2.1. 98 99.. _bugs_fixed_in_nss_3.30: 100 101`Bugs fixed in NSS 3.30 <#bugs_fixed_in_nss_3.30>`__ 102---------------------------------------------------- 103 104.. container:: 105 106 This Bugzilla query returns all the bugs fixed in NSS 3.30: 107 108 https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.30 109 110`Compatibility <#compatibility>`__ 111---------------------------------- 112 113.. container:: 114 115 NSS 3.30 shared libraries are backward compatible with all older NSS 3.x shared libraries. A 116 program linked with older NSS 3.x shared libraries will work with NSS 3.30 shared libraries 117 without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs 118 to the functions listed in NSS Public Functions will remain compatible with future versions of 119 the NSS shared libraries. 120 121`Feedback <#feedback>`__ 122------------------------ 123 124.. container:: 125 126 Bugs discovered should be reported by filing a bug report with 127 `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).