NSS 3.101 release notes
Introduction
Network Security Services (NSS) 3.101 was released on 6 June 2024*. NSS 3.101 is an ESR release.
Distribution Information
The HG tag is NSS_3_101_RTM. NSS 3.101 requires NSPR 4.35 or newer.
NSS 3.101 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Other releases are available Releases.
Changes in NSS 3.101
Bug 1900413 - add diagnostic assertions for SFTKObject refcount.
Bug 1899759 - freeing the slot in DeleteCertAndKey if authentication failed
Bug 1899883 - fix formatting issues.
Bug 1889671 - Add Firmaprofesional CA Root-A Web to NSS.
Bug 1899593 - remove invalid acvp fuzz test vectors.
Bug 1898830 - pad short P-384 and P-521 signatures gtests.
Bug 1898627 - remove unused FreeBL ECC code. r=rrelyea
Bug 1898830 - pad short P-384 and P-521 signatures.
Bug 1898825 - be less strict about ECDSA private key length.
Bug 1854439 - Integrate HACL* P-521.
Bug 1854438 - Integrate HACL* P-384.
Bug 1898074 - memory leak in create_objects_from_handles.
Bug 1898858 - ensure all input is consumed in a few places in mozilla::pkix
Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
Bug 1748105 - clean up escape handling
Bug 1896353 - Use lib::pkix as default validator instead of the old-one
Bug 1827444 - Need to add high level support for PQ signing.
Bug 1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
Bug 1893404 - Allow for non-full length ecdsa signature when using softoken
Bug 1830415 - Modification of .taskcluster.yml due to mozlint indent defects
Bug 1793811 - Implement support for PBMAC1 in PKCS#12
Bug 1897487 - disable VLA warnings for fuzz builds.
Bug 1895032 - remove redundant AllocItem implementation.
Bug 1893334 - add PK11_ReadDistrustAfterAttribute.
Bug 215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update
Bug 1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
Bug 1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.
Bug 1830415 - Switch to the mozillareleases/image_builder image
Compatibility
NSS 3.101 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback
Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).