NSS 3.88 release notes
Introduction
Network Security Services (NSS) 3.88 was released on 9 February 2023*.
Distribution Information
The HG tag is NSS_3_88_RTM. NSS 3.88 requires NSPR 4.35 or newer.
NSS 3.88 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Other releases are available Releases.
Changes in NSS 3.88
Bug 1815870 - use a different treeherder symbol for each docker image build task.
Bug 1815868 - pin an older version of the ubuntu:18.04 and 20.04 docker images
Bug 1810702 - remove nested table in rst doc
Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
Bug 1812671 - build failure while implicitly casting SECStatus to PRUInt32. r=nss-reviewers,mt
Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests
Bug 1771100 - Added EarlyData ALPN test support to BoGo shim.
Bug 1790357 - ECH client - Discard resumption TLS < 1.3 Session(IDs|Tickets) if ECH configs are setup.
Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm.
Bug 1789410 - ECH client: Send ech_required alert on server negotiating TLS 1.2. Fixed misleading Gtest, enabled corresponding BoGo test.
Bug 1771100 - Added Bogo ECH rejection test support.
Bug 1771100 - Added ECH 0Rtt support to BoGo shim.
Bug 1747957 - RSA OAEP Wycheproof JSON
Bug 1747957 - RSA decrypt Wycheproof JSON
Bug 1747957 - ECDSA Wycheproof JSON
Bug 1747957 - ECDH Wycheproof JSON
Bug 1747957 - PKCS#1v1.5 wycheproof json
Bug 1747957 - Use X25519 wycheproof json
Bug 1766767 - Move scripts to python3
Bug 1809627 - Properly link FuzzingEngine for oss-fuzz.
Bug 1805907 - Extending RSA-PSS bltest test coverage (Adding SHA-256 and SHA-384)
Bug 1804091 NSS needs to move off of DSA for integrity checks
Bug 1805815 - Add initial testing with ACVP vector sets using acvp-rust
Bug 1806369 - Don’t clone libFuzzer, rely on clang instead
Compatibility
NSS 3.88 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback
Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).