blob: 8dff4484eafd3f895cc59e02a094867b1e4a0f3d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
.. _mozilla_projects_nss_nss_3_17_release_notes:
NSS 3.17 release notes
======================
`Introduction <#introduction>`__
--------------------------------
.. container::
The NSS team has released Network Security Services (NSS) 3.17, which is a minor release.
.. _distribution_information:
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_17_RTM. NSS 3.17 requires NSPR 4.10.7 or newer.
NSS 3.17 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_17_RTM/src/
.. _new_in_nss_3.17:
`New in NSS 3.17 <#new_in_nss_3.17>`__
--------------------------------------
.. _new_functionality:
`New Functionality <#new_functionality>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key
for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH
key is reused for multiple handshakes. This option does not affect the TLS client code, which
always generates a fresh ephemeral ECDH key for each handshake.
New Macros
- *in ssl.h*
- **SSL_REUSE_SERVER_ECDHE_KEY**
.. _notable_changes_in_nss_3.17:
`Notable Changes in NSS 3.17 <#notable_changes_in_nss_3.17>`__
--------------------------------------------------------------
.. container::
- The manual pages for the certutil and pp tools have been updated to document the new
parameters that had been added in NSS 3.16.2.
- On Windows, the new build variable USE_STATIC_RTL can be used to specify the static C runtime
library should be used. By default the dynamic C runtime library is used.
.. _bugs_fixed_in_nss_3.17:
`Bugs fixed in NSS 3.17 <#bugs_fixed_in_nss_3.17>`__
----------------------------------------------------
.. container::
This Bugzilla query returns all the bugs fixed in NSS 3.17:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.17
|