NSS 3.103 release notes

Introduction

Network Security Services (NSS) 3.103 was released on 1 August 2024*.

Distribution Information

The HG tag is NSS_3_103_RTM. NSS 3.103 requires NSPR 4.35 or newer.

NSS 3.103 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available Releases.

Changes in NSS 3.103

  • Bug 1908623 - move list size check after lock acquisition in sftk_PutObjectToList.

  • Bug 1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH.

  • Bug 1909638 - Follow-up to fix test for presence of file nspr.patch.

  • Bug 1903783 - Adjust libFuzzer size limits.

  • Bug 1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk.

  • Bug 1899542 - Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION.

  • Bug 1909638 - NSS automation should always cleanup the NSPR tree.

  • Bug 590806 - Freeing symKey in pk11_PubDeriveECKeyWithKDF when a key_size is 0 and wrong kd.

  • Bug 1908831 - Don’t link zlib where it’s not needed.

  • Bug 1908597 - Removing dead code from X25519 seckey.

  • Bug 1905691 - ChaChaXor to return after the functio.

  • Bug 1900416 - NSS Support of X25519 import/export functionalit.

  • Bug 1890618 - add PeerCertificateChainDER function to libssl.

  • Bug 1908190 - fix definitions of freeblCipher_native_aes_*_worker on arm.

  • Bug 1907743 - pk11mode: avoid passing null phKey to C_DeriveKey.

  • Bug 1902119 - reuse X25519 share when offering both X25519 and Xyber768d00.

  • Set nssckbi version number to 2.69.

  • Bug 1904404 - add NSS_DISABLE_NSPR_TESTS option to makefile.

  • Bug 1905746 - avoid calling functions through pointers of incompatible type.

  • Bug 1905783 - merge docker-fuzz32 and docker-fuzz images.

  • Bug 1903373 - fix several scan-build warnings.

Compatibility

NSS 3.103 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).