NSS 3.75 release notes

Introduction

Network Security Services (NSS) 3.75 was released on 3 February 2022.

Distribution Information

The HG tag is NSS_3_75_RTM. NSS 3.75 requires NSPR 4.32 or newer.

NSS 3.75 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available Releases.

Changes in NSS 3.75

  • Bug 1749030 - This patch adds gcc-9 and gcc-10 to the CI.

  • Bug 1749794 - Make DottedOIDToCode.py compatible with python3.

  • Bug 1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.

  • Bug 1748386 - Remove redundant key type check.

  • Bug 1749869 - Update ABI expectations to match ECH changes.

  • Bug 1748386 - Enable CKM_CHACHA20.

  • Bug 1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.

  • Bug 1747310 - real move assignment operator.

  • Bug 1748245 - Run ECDSA test vectors from bltest as part of the CI tests.

  • Bug 1743302 - Add ECDSA test vectors to the bltest command line tool.

  • Bug 1747772 - Allow to build using clang’s integrated assembler.

  • Bug 1321398 - Allow to override python for the build.

  • Bug 1747317 - test HKDF output rather than input.

  • Bug 1747316 - Use ASSERT macros to end failed tests early.

  • Bug 1747310 - move assignment operator for DataBuffer.

  • Bug 1712879 - Add test cases for ECH compression and unexpected extensions in SH.

  • Bug 1725938 - Update tests for ECH-13.

  • Bug 1725938 - Tidy up error handling.

  • Bug 1728281 - Add tests for ECH HRR Changes.

  • Bug 1728281 - Server only sends GREASE HRR extension if enabled by preference.

  • Bug 1725938 - Update generation of the Associated Data for ECH-13.

  • Bug 1712879 - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.

  • Bug 1712879 - Allow for compressed, non-contiguous, extensions.

  • Bug 1712879 - Scramble the PSK extension in CHOuter.

  • Bug 1712647 - Split custom extension handling for ECH.

  • Bug 1728281 - Add ECH-13 HRR Handling.

  • Bug 1677181 - Client side ECH padding.

  • Bug 1725938 - Stricter ClientHelloInner Decompression.

  • Bug 1725938 - Remove ECH_inner extension, use new enum format.

  • Bug 1725938 - Update the version number for ECH-13 and adjust the ECHConfig size.

Compatibility

NSS 3.75 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).