NSS 3.12.5 release_notes

NSS 3.12.5 release notes

2009-12-02 Newsgroup:mozilla.dev.tech.crypto


Network Security Services (NSS) 3.12.5 is a patch release for NSS 3.12. The bug fixes in NSS 3.12.5 are described in the “Bugs Fixed” section below.

NSS 3.12.5 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1.

Distribution Information

The CVS tag for the NSS 3.12.5 release is NSS_3_12_5_RTM.

NSS 3.12.5 requires NSPR 4.8.

You can check out the source from CVS by


cvs co -r NSPR_4_8_RTM NSPR cvs co -r NSS_3_12_5_RTM NSS

See the Documentation section for the build instructions.

NSS 3.12.5 source is also available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.12.5

SSL3 & TLS Renegotiation Vulnerability

See CVE-2009-3555 and US-CERT VU#120541 for more information about this security vulnerability.

All SSL/TLS renegotiation is disabled by default in NSS 3.12.5. This will cause programs that attempt to perform renegotiation to experience failures where they formerly experienced successes, and is necessary for them to not be vulnerable, until such time as a new safe renegotiation scheme is standardized by the IETF.

If an application depends on renegotiation feature, it can be enabled by setting the environment variable NSS_SSL_ENABLE_RENEGOTIATION to 1. By setting this environmental variable, the fix provided by these patches will have no effect and the application may become vulnerable to the issue.

This default setting can also be changed within the application by using the following existing API functions:

    • SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on)

    • SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on)

  • There is now a new value for “option”, which is:


    The corresponding new values for SSL_ENABLE_RENEGOTIATION are:

    • SSL_RENEGOTIATE_NEVER: Never renegotiate at all (default).

    • SSL_RENEGOTIATE_UNRESTRICTED: Renegotiate without restriction, whether or not the peer’s client hello bears the renegotiation info extension (as we always did in the past). UNSAFE.

TLS compression

  • Enable TLS compression with:

    • SSL_ENABLE_DEFLATE: Enable TLS compression with DEFLATE. Off by default. (See ssl.h)

    Error codes:



New context initialization and shutdown functions

  • See nss.h for details. The 2 new functions are:

    • NSS_InitContext

    • NSS_ShutdownContext

    Parameters for these functions are used to initialize softoken. These are mostly strings used to internationalize softoken. Memory for the strings are owned by the caller, who is free to free them once NSS_ContextInit returns. If the string parameter is NULL (as opposed to empty, zero length), then the softoken default is used. These are equivalent to the parameters for PK11_ConfigurePKCS11().

    See the following struct in nss.h for details:

    • NSSInitParametersStr

Other new functions

  • In secmod.h:

    • SECMOD_GetSkipFirstFlag

    • SECMOD_GetDefaultModDBFlag

    In prlink.h

    • NSS_SecureMemcmp

    • PORT_LoadLibraryFromOrigin

Modified functions

  • SGN_Update (see cryptohi.h)

    • The parameter “input” of this function is changed from unsigned char * to const unsigned char *.

  • PK11_ConfigurePKCS11 (see nss.h)

    • The name of some parameters have been slightly changed (“des” became “desc”).

Deprecated headers

  • The header file key.h is deprecated. Please use keyhi.h instead.

Additional documentation

  • In pk11pub.h:

    • The caller of PK11_DEREncodePublicKey should free the returned SECItem with a SECITEM_FreeItem(…, PR_TRUE) call.

    • PK11_ReadRawAttribute allocates the buffer for returning the attribute value. The caller of PK11_ReadRawAttribute should free the data buffer pointed to by item using a SECITEM_FreeItem(item, PR_FALSE) or PORT_Free(item->data) call.

    In secasn1.h:

    • If both pool and dest are NULL, the caller should free the returned SECItem with a SECITEM_FreeItem(…, PR_TRUE) call. If pool is NULL but dest is not NULL, the caller should free the data buffer pointed to by dest with a SECITEM_FreeItem(dest, PR_FALSE) or PORT_Free(dest->data) call.

Environment variables


    • Will start NSS in FIPS mode.



    • See SSL3 & TLS Renegotiation Vulnerability.

Bugs Fixed

The following bugs have been fixed in NSS 3.12.5.

  • Bug 510435: Remove unused make variable DSO_LDFLAGS

  • Bug 510436: Add macros for build numbers (4th component of version number) to nssutil.h

  • Bug 511227: Firefox 3.0.13 fails to compile on FreeBSD/powerpc

  • Bug 511312: NSS fails to load softoken, looking for sqlite3.dll

  • Bug 511781: Add new TLS 1.2 cipher suites implemented in Windows 7 to ssltap

  • Bug 516101: If PK11_ImportCert fails, it leaves the certificate undiscoverable by CERT_PKIXVerifyCert

  • Bug 518443: PK11_ImportAndReturnPrivateKey leaks an arena

  • Bug 518446: PK11_DEREncodePublicKey leaks a CERTSubjectPublicKeyInfo

  • Bug 518457: SECKEY_EncodeDERSubjectPublicKeyInfo and PK11_DEREncodePublicKey are duplicate

  • Bug 522510: Add deprecated comments to key.h and pk11func.h

  • Bug 522580: NSS uses PORT_Memcmp for comparing secret data.

  • Bug 525056: Timing attack against ssl3ext.c:ssl3_ServerHandleSessionTicketXtn()

  • Bug 526689: SSL3 & TLS Renegotiation Vulnerability


For a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.11 include the following:


NSS 3.12.5 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.12.5 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.


Bugs discovered should be reported by filing a bug report with mozilla.org Bugzilla (product NSS).

This document was generated by genma teruaki on November 28, 2010 using texi2html 1.82.