Network Security Services (NSS)

Warning

This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places.

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

NSS is available under the Mozilla Public License v2 (MPLv2).

If you’re a developer and would like to contribute to NSS, you might want to read the documents:

Getting Started

Building NSS

This page contains information how to download, build and test NSS.

Releases

This page contains information about recent releases of NSS.

Release notes for recent versions of NSS

This page contains information about older releases of NSS.

Community

This page contains information about the community and how to reach out.

Warning

References below this point are part of the deprecated documentation and will be ported in the future. You can contribute to refreshing this documentation by submitting changes directly in the NSS repository (nss/doc/rst).

NSS APIs

Introduction to Network Security Services

Provides an overview of the NSS libraries and what you need to know to use them.

SSL functions

Summarizes the SSL APIs exported by the NSS shared libraries.

NSS reference

API used to invoke SSL operations.

NSS API Guidelines

Explains how the libraries and code are organized, and guidelines for developing code (naming conventions, error handling, thread safety, etc.)

NSS Tech Notes

Links to NSS technical notes, which provide latest information about new NSS features and supplementary documentation for advanced topics in programming with NSS.

Tools, testing, and other technical details

NSS Developer Tutorial

How to make changes in NSS. Coding style, maintaining ABI compatibility.

NSS Tools

Tools for developing, debugging, and managing applications that use NSS.

NSS Sample Code

Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc.

NSS Third-Party Code

A list of third-party code included in the NSS library.

NSS 3.2 Test Suite

Archived version. Describes how to run the standard NSS tests.

NSS Performance Reports

Archived version. Links to performance reports for NSS 3.2 and later releases.

Encryption Technologies Available in NSS 3.11

Archived version. Lists the cryptographic algorithms used by NSS 3.11.

NSS 3.1 Loadable Root Certificates

Archived version. Describes the scheme for loading root CA certificates.

cert7.db

Archived version. General format of the cert7.db database.

PKCS #11 information

• PKCS11

• PKCS11 Implement

• PKCS #11 Module Specs

• PKCS11 FAQ

• Using the JAR Installation Manager to Install a PKCS #11 Cryptographic Module

• PKCS #11 Conformance Testing - Archived version

CA certificates pre-loaded into NSS

• Mozilla CA certificate policy

• List of pre-loaded CA certificates

  • Consumers of this list must consider the trust bit setting for each included root certificate. More Information, Extracting roots and their trust bits

NSS is built on top of Netscape Portable Runtime (NSPR)

• NSPR - NSPR project page.

• NSPR API Reference - NSPR API documentation.

Additional Information

• Using the window.crypto object from JavaScript

• HTTP delegation

• TLS Cipher Suite Discovery

• NSS Certificate Download Specification

• FIPS Mode - an explanation

• NSS Key Log Format

Planning

Information on NSS planning can be found at wiki.mozilla.org, including:

• FIPS Validation

• NSS Roadmap page

• NSS Improvement Project