NSS 3.101 release notes

Introduction

Network Security Services (NSS) 3.101 was released on 6 June 2024*. NSS 3.101 is an ESR release.

Distribution Information

The HG tag is NSS_3_101_RTM. NSS 3.101 requires NSPR 4.35 or newer.

NSS 3.101 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available Releases.

Changes in NSS 3.101

  • Bug 1900413 - add diagnostic assertions for SFTKObject refcount.

  • Bug 1899759 - freeing the slot in DeleteCertAndKey if authentication failed

  • Bug 1899883 - fix formatting issues.

  • Bug 1889671 - Add Firmaprofesional CA Root-A Web to NSS.

  • Bug 1899593 - remove invalid acvp fuzz test vectors.

  • Bug 1898830 - pad short P-384 and P-521 signatures gtests.

  • Bug 1898627 - remove unused FreeBL ECC code. r=rrelyea

  • Bug 1898830 - pad short P-384 and P-521 signatures.

  • Bug 1898825 - be less strict about ECDSA private key length.

  • Bug 1854439 - Integrate HACL* P-521.

  • Bug 1854438 - Integrate HACL* P-384.

  • Bug 1898074 - memory leak in create_objects_from_handles.

  • Bug 1898858 - ensure all input is consumed in a few places in mozilla::pkix

  • Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy

  • Bug 1748105 - clean up escape handling

  • Bug 1896353 - Use lib::pkix as default validator instead of the old-one

  • Bug 1827444 - Need to add high level support for PQ signing.

  • Bug 1548723 - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation

  • Bug 1884444 - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy

  • Bug 1893404 - Allow for non-full length ecdsa signature when using softoken

  • Bug 1830415 - Modification of .taskcluster.yml due to mozlint indent defects

  • Bug 1793811 - Implement support for PBMAC1 in PKCS#12

  • Bug 1897487 - disable VLA warnings for fuzz builds.

  • Bug 1895032 - remove redundant AllocItem implementation.

  • Bug 1893334 - add PK11_ReadDistrustAfterAttribute.

  • Bug 215997 - Clang-formatting of SEC_GetMgfTypeByOidTag update

  • Bug 1895012 - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure

  • Bug 1894572 - sftk_getParameters(): Fix fallback to default variable after error with configfile.

  • Bug 1830415 - Switch to the mozillareleases/image_builder image

Compatibility

NSS 3.101 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).