1.. _mozilla_projects_nss_nss_3_30_release_notes:
2
3NSS 3.30 release notes
4======================
5
6`Introduction <#introduction>`__
7--------------------------------
8
9.. container::
10
11   The Network Security Services (NSS) team has released NSS 3.30, which is a minor release.
12
13.. _distribution_information:
14
15`Distribution information <#distribution_information>`__
16--------------------------------------------------------
17
18.. container::
19
20   The hg tag is NSS_3_30_RTM. NSS 3.30 requires Netscape Portable Runtime (NSPR); 4.13.1 or newer.
21
22   NSS 3.30 source distributions are available on ftp.mozilla.org for secure HTTPS download:
23
24   -  Source tarballs:
25      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_30_RTM/src/
26
27.. _new_in_nss_3.30:
28
29`New in NSS 3.30 <#new_in_nss_3.30>`__
30--------------------------------------
31
32.. container::
33
34.. _new_functionality:
35
36`New Functionality <#new_functionality>`__
37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
38
39.. container::
40
41   -  In the PKCS#11 root CA module (nssckbi), CAs with positive trust are marked with a new boolean
42      attribute, CKA_NSS_MOZILLA_CA_POLICY, set to true. Applications that need to distinguish them
43      from other root CAs, may use the exported function PK11_HasAttributeSet.
44   -  Support for callback functions that can be used to monitor SSL/TLS alerts that are sent or
45      received.
46
47   .. rubric:: New Functions
48      :name: new_functions
49
50   -  *in cert.h*
51
52      -  **CERT_CompareAVA** - performs a comparison of two CERTAVA structures, and returns a
53         SECComparison result.
54
55   -  *in pk11pub.h*
56
57      -  **PK11_HasAttributeSet** - allows to check if a PKCS#11 object in a given slot has a
58         specific boolean attribute set.
59
60   -  *in ssl.h*
61
62      -  **SSL_AlertReceivedCallback** - register a callback function, that will be called whenever
63         an SSL/TLS alert is received
64      -  **SSL_AlertSentCallback** - register a callback function, that will be called whenever an
65         SSL/TLS alert is sent
66      -  **SSL_SetSessionTicketKeyPair** - configures an asymmetric key pair, for use in wrapping
67         session ticket keys, used by the server. This function currently only accepts an RSA
68         public/private key pair.
69
70   .. rubric:: New Macros
71      :name: new_macros
72
73   -  *in ciferfam.h*
74
75      -  **PKCS12_AES_CBC_128, PKCS12_AES_CBC_192, PKCS12_AES_CBC_256** - cipher family identifiers
76         corresponding to the PKCS#5 v2.1 AES based encryption schemes used in the PKCS#12 support
77         in NSS
78
79   -  *in pkcs11n.h*
80
81      -  **CKA_NSS_MOZILLA_CA_POLICY** - identifier for a boolean PKCS#11 attribute, that should be
82         set to true, if a CA is present because of it's acceptance according to the Mozilla CA
83         Policy
84
85.. _notable_changes_in_nss_3.30:
86
87`Notable Changes in NSS 3.30 <#notable_changes_in_nss_3.30>`__
88--------------------------------------------------------------
89
90.. container::
91
92   -  The TLS server code has been enhanced to support session tickets when no RSA certificate (e.g.
93      only an ECDSA certificate) is configured.
94   -  RSA-PSS signatures produced by key pairs with a modulus bit length that is not a multiple of 8
95      are now supported.
96   -  The pk12util tool now supports importing and exporting data encrypted in the AES based schemes
97      defined in PKCS#5 v2.1.
98
99.. _bugs_fixed_in_nss_3.30:
100
101`Bugs fixed in NSS 3.30 <#bugs_fixed_in_nss_3.30>`__
102----------------------------------------------------
103
104.. container::
105
106   This Bugzilla query returns all the bugs fixed in NSS 3.30:
107
108   https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.30
109
110`Compatibility <#compatibility>`__
111----------------------------------
112
113.. container::
114
115   NSS 3.30 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
116   program linked with older NSS 3.x shared libraries will work with NSS 3.30 shared libraries
117   without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
118   to the functions listed in NSS Public Functions will remain compatible with future versions of
119   the NSS shared libraries.
120
121`Feedback <#feedback>`__
122------------------------
123
124.. container::
125
126   Bugs discovered should be reported by filing a bug report with
127   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).