.. _mozilla_projects_nss_nss_3_88_release_notes: NSS 3.88 release notes ====================== `Introduction <#introduction>`__ -------------------------------- .. container:: Network Security Services (NSS) 3.88 was released on *9 February 2023**. `Distribution Information <#distribution_information>`__ -------------------------------------------------------- .. container:: The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer. NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download: - Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_88_RTM/src/ Other releases are available :ref:`mozilla_projects_nss_releases`. .. _changes_in_nss_3.88: `Changes in NSS 3.88 <#changes_in_nss_3.88>`__ ---------------------------------------------------- .. container:: - Bug 1815870 - use a different treeherder symbol for each docker image build task. - Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images - Bug 1810702 - remove nested table in rst doc - Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. - Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. r=nss-reviewers,mt - Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests - Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. - Bug 1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup. - Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. - Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test. - Bug 1771100 - Added Bogo ECH rejection test support. - Bug 1771100 - Added ECH 0Rtt support to BoGo shim. - Bug 1747957 - RSA OAEP Wycheproof JSON - Bug 1747957 - RSA decrypt Wycheproof JSON - Bug 1747957 - ECDSA Wycheproof JSON - Bug 1747957 - ECDH Wycheproof JSON - Bug 1747957 - PKCS#1v1.5 wycheproof json - Bug 1747957 - Use X25519 wycheproof json - Bug 1766767 - Move scripts to python3 - Bug 1809627 - Properly link FuzzingEngine for oss-fuzz. - Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384) - Bug 1804091 NSS needs to move off of DSA for integrity checks - Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust - Bug 1806369 - Don't clone libFuzzer, rely on clang instead `Compatibility <#compatibility>`__ ---------------------------------- .. container:: NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries. `Feedback <#feedback>`__ ------------------------ .. container:: Bugs discovered should be reported by filing a bug report on `bugzilla.mozilla.org `__ (product NSS).