diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes')
-rw-r--r-- | security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes/index.rst | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes/index.rst b/security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes/index.rst new file mode 100644 index 0000000000..9b4aefd19f --- /dev/null +++ b/security/nss/doc/rst/legacy/nss_releases/nss_3.22_release_notes/index.rst @@ -0,0 +1,194 @@ +.. _mozilla_projects_nss_nss_3_22_release_notes: + +NSS 3.22 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + The NSS team has released Network Security Services (NSS) 3.22, which is a minor release. + + + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer. + + NSS 3.22 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/ + +.. _new_in_nss_3.22: + +`New in NSS 3.22 <#new_in_nss_3.22>`__ +-------------------------------------- + +.. _new_functionality: + +`New Functionality <#new_functionality>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + - RSA-PSS signatures are now supported (`bug + 1215295 <https://bugzilla.mozilla.org/show_bug.cgi?id=1215295>`__) + + - New functions ``PK11_SignWithMechanism()`` and ``PK11_SignWithMechanism()`` are provided to + allow RSA keys to be used with PSS. + + - Pseudorandom functions based on hashes other than SHA-1 are now supported with PBKDF (`bug + 554827 <https://bugzilla.mozilla.org/show_bug.cgi?id=554827>`__). + + - ``PK11_CreatePBEV2AlgorithmID()`` now supports ``SEC_OID_PKCS5_PBKDF2`` with + ``cipherAlgTag`` and ``prfAlgTag`` set to ``SEC_OID_HMAC_SHA256``, ``SEC_OID_HMAC_SHA224``, + ``SEC_OID_HMAC_SHA384``, or ``SEC_OID_HMAC_SHA512``. + + - Enforce an External Policy on NSS from a config file (`bug + 1009429 <https://bugzilla.mozilla.org/show_bug.cgi?id=1009429>`__) + + - you can now add a config= line to pkcs11.txt (assuming you are using sql databases), which + will force NSS to restrict the application to certain cryptographic algorithms and + protocols. A complete list can be found in :ref:`mozilla_projects_nss_nss_config_options`. + + .. rubric:: New Functions + :name: new_functions + + - *in pk11pub.h* + + - **PK11_SignWithMechanism** - This function is an extended version ``PK11_Sign()``. + - **PK11_VerifyWithMechanism** - This function is an extended version of ``PK11_Verify()``. + + - These functions take an explicit mechanism and parameters as arguments rather than + inferring it from the key type using ``PK11_MapSignKeyType()``. The mechanism type + CKM_RSA_PKCS_PSS is now supported for RSA in addition to CKM_RSA_PKCS. The + CK_RSA_PKCS_PSS mechanism takes a parameter of type CK_RSA_PKCS_PSS_PARAMS. + + - *in ssl.h* + + - **SSL_PeerSignedCertTimestamps** - Get signed_certificate_timestamp TLS extension data + - **SSL_SetSignedCertTimestamps** - Set signed_certificate_timestamp TLS extension data + + .. rubric:: New Types + :name: new_types + + - *in secoidt.h* + + - The following are added to SECOidTag: + + - SEC_OID_AES_128_GCM + - SEC_OID_AES_192_GCM + - SEC_OID_AES_256_GCM + - SEC_OID_IDEA_CBC + - SEC_OID_RC2_40_CBC + - SEC_OID_DES_40_CBC + - SEC_OID_RC4_40 + - SEC_OID_RC4_56 + - SEC_OID_NULL_CIPHER + - SEC_OID_HMAC_MD5 + - SEC_OID_TLS_RSA + - SEC_OID_TLS_DHE_RSA + - SEC_OID_TLS_DHE_DSS + - SEC_OID_TLS_DH_RSA + - SEC_OID_TLS_DH_DSS + - SEC_OID_TLS_DH_ANON + - SEC_OID_TLS_ECDHE_ECDSA + - SEC_OID_TLS_ECDHE_RSA + - SEC_OID_TLS_ECDH_ECDSA + - SEC_OID_TLS_ECDH_RSA + - SEC_OID_TLS_ECDH_ANON + - SEC_OID_TLS_RSA_EXPORT + - SEC_OID_TLS_DHE_RSA_EXPORT + - SEC_OID_TLS_DHE_DSS_EXPORT + - SEC_OID_TLS_DH_RSA_EXPORT + - SEC_OID_TLS_DH_DSS_EXPORT + - SEC_OID_TLS_DH_ANON_EXPORT + - SEC_OID_APPLY_SSL_POLICY + + - in sslt.h + + - **ssl_signed_cert_timestamp_xtn** is added to ``SSLExtensionType``. + + .. rubric:: New Macros + :name: new_macros + + - in nss.h + + - NSS_RSA_MIN_KEY_SIZE + - NSS_DH_MIN_KEY_SIZE + - NSS_DSA_MIN_KEY_SIZE + - NSS_TLS_VERSION_MIN_POLICY + - NSS_TLS_VERSION_MAX_POLICY + - NSS_DTLS_VERSION_MIN_POLICY + - NSS_DTLS_VERSION_MAX_POLICY + + - *in pkcs11t.h* + + - **CKP_PKCS5_PBKD2_HMAC_GOSTR3411** - PRF based on HMAC with GOSTR3411 for PBKDF (not + supported) + - **CKP_PKCS5_PBKD2_HMAC_SHA224** - PRF based on HMAC with SHA-224 for PBKDF + - **CKP_PKCS5_PBKD2_HMAC_SHA256** - PRF based on HMAC with SHA-256 for PBKDF + - **CKP_PKCS5_PBKD2_HMAC_SHA384** - PRF based on HMAC with SHA-256 for PBKDF + - **CKP_PKCS5_PBKD2_HMAC_SHA512** - PRF based on HMAC with SHA-256 for PBKDF + - **CKP_PKCS5_PBKD2_HMAC_SHA512_224** - PRF based on HMAC with SHA-512 truncated to 224 bits + for PBKDF (not supported) + - **CKP_PKCS5_PBKD2_HMAC_SHA512_256** - PRF based on HMAC with SHA-512 truncated to 256 bits + for PBKDF (not supported) + + - *in secoidt.h* + + - NSS_USE_ALG_IN_SSL + - NSS_USE_POLICY_IN_SSL + + - *in ssl.h* + + - **SSL_ENABLE_SIGNED_CERT_TIMESTAMPS** + + - *in sslt.h* + + - **SSL_MAX_EXTENSIONS** is updated to 13 + +.. _notable_changes_in_nss_3.22: + +`Notable Changes in NSS 3.22 <#notable_changes_in_nss_3.22>`__ +-------------------------------------------------------------- + +.. container:: + + - NSS C++ tests are built by default, requiring a C++11 compiler. Set the NSS_DISABLE_GTESTS + variable to 1 to disable building these tests. + +.. _bugs_fixed_in_nss_3.22: + +`Bugs fixed in NSS 3.22 <#bugs_fixed_in_nss_3.22>`__ +---------------------------------------------------- + +.. container:: + + This Bugzilla query returns all the bugs fixed in NSS 3.22: + + https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.22 + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.22 shared libraries are backward compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.22 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report with + `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).
\ No newline at end of file |