Build artifacts

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of communications applications that support TLS, S/MIME, and other Internet security standards. For a general overview of NSS and the standards it supports, see mozilla_projects_nss_overview.

Shared libraries

Network Security Services provides both static libraries and shared libraries. Applications that use the shared libraries must use only the APIs that they export. Three shared libraries export public functions:

  • The SSL/TLS library supports core TLS operations.

  • The S/MIME library supports core S/MIME operations.

  • The freebl library supports core crypto operations.


We guarantee that applications using the exported APIs will remain compatible with future versions of those libraries until deprecated.

Naming conventions

Windows and Unix use different naming conventions for static and dynamic libraries:






.so or .dylib or .sl

In addition, Windows has “import” libraries that bind to dynamic libraries. So the NSS library has the following forms:

  • - Linux shared library

  • libnss3.dylib - MacOS shared library

  • - HP-UX shared library

  • libnss.a - Unix static library

  • nss3.dll - Windows shared library

  • nss3.lib - Windows import library binding to nss3.dll

  • nss.lib - Windows static library

NSS, SSL, and S/MIME have all of the above forms.

The following static libraries aren’t included in any shared libraries

  • libcrmf.a/crmf.lib provides an API for CRMF operations.

  • libjar.a/jar.lib provides an API for creating JAR files.

The following static libraries are included only in external loadable PKCS #11 modules:

  • libnssckfw.a/nssckfw.lib provides an API for writing PKCS #11 modules.

  • libswfci.a/swfci.lib provides support for software FORTEZZA.

The following shared libraries are standalone loadable modules, not meant to be linked with directly:

  • provides support for hardware FORTEZZA.

  • provides support for software FORTEZZA.

  • defines the default set of trusted root certificates.