
mozilla-nss-32bit-3.68.1-lp152.2.13.1 RPM for x86_64

From OpenSuSE Leap 15.2 updates for x86_64

Name: mozilla-nss-32bit
Distribution: openSUSE Leap 15.2
Version: 3.68.1
Vendor: openSUSE
Release: lp152.2.13.1
Build date: Mon Dec 6 14:13:22 2021
Group: System/Libraries
Build host: lamb08
Size: 2287896
Source RPM: mozilla-nss-3.68.1-lp152.2.13.1.src.rpm
Summary: Network Security Services
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled server
applications. Applications built with NSS can support SSL v3,
TLS v1.0, v1.1, v1.2, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.






* Thu Dec 02 2021 Martin Sirringhaus <>
  - Mozilla NSS 3.68.1
    MFSA 2021-51 (bsc#1193170)
    * CVE-2021-43527 (bmo#1737470)
      Memory corruption via DER-encoded DSA and RSA-PSS signatures
  - Remove now obsolete patch nss-bsc1193170.patch
* Tue Nov 30 2021 Martin Sirringhaus <>
  - Add patch to fix CVE-2021-43527 (bsc#1193170):
* Tue Aug 31 2021 Charles Robertson <>
  - Removed nss-fips-kdf-self-tests.patch.  This was made
    obsolete by upstream changes. (bmo#1660304)
  - Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
* Wed Aug 18 2021 Hans Petter Jansson <>
  - Update nss-fips-constructor-self-tests.patch to fix crashes
    reported by upstream. This was likely affecting WebRTC calls.
* Thu Jul 29 2021 Martin Sirringhaus <>
  - update to NSS 3.68
    * bmo#1713562 - Fix test leak.
    * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
    * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
    * bmo#1712883 - DTLS 1.3 draft-43.
    * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
    * bmo#1713562 - Validate ECH public names.
    * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
  - update to NSS 3.67
    * bmo#1683710 - Add a means to disable ALPN.
    * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
    * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
    * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
    * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
* Sat Jul 10 2021 Wolfgang Rosenauer <>
  - update to NSS 3.66
    * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
    * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
    * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
    * bmo#1707097 - Add Certum Trusted Root CA to NSS.
    * bmo#1707097 - Add Certum EC-384 CA to NSS.
    * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
    * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
    * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
    * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
    * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
    * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
    * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
    * Use GNU tar for the release helper script.
  - update to NSS 3.65
    * bmo#1709654 - Update for NetBSD configuration.
    * bmo#1709750 - Disable HPKE test when fuzzing.
    * bmo#1566124 - Optimize AES-GCM for ppc64le.
    * bmo#1699021 - Add AES-256-GCM to HPKE.
    * bmo#1698419 - ECH -10 updates.
    * bmo#1692930 - Update HPKE to final version.
    * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
    * bmo#1703936 - New coverity/cpp scanner errors.
    * bmo#1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards.
    * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
    * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
  - refreshed patches
  - Firefox 90.0 requires NSS 3.66
* Thu May 27 2021 Andreas Stieger <>
  - update to NSS 3.64
    * bmo#1705286 - Properly detect mips64.
    * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    * bmo#1698320 - replace __builtin_cpu_supports("vsx") with
      ppc_crypto_support() for clang.
    * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
* Sun Apr 18 2021 Wolfgang Rosenauer <>
  - update to NSS 3.63.1
    * no upstream release notes for 3.63.1 (yet)
    Fixed in 3.63
    * bmo#1697380 - Make a clang-format run on top of helpful contributions.
    * bmo#1683520 - ECCKiila P384, change syntax of nested structs
      initialization to prevent build issues with GCC 4.8.
    * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
      scalar multiplication.
    * bmo#1683520 - ECCKiila P521, change syntax of nested structs
      initialization to prevent build issues with GCC 4.8.
    * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
      scalar multiplication.
    * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
    * bmo#1694214 - tstclnt can't enable middlebox compat mode.
    * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    * bmo#1685880 - Minor fix to prevent unused variable on early return.
    * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
      with nss build.
    * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
      of root CA changes, CA list version 2.48.
    * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
      'Chambers of Commerce' and 'Global Chambersign' roots.
    * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
    * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
    * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
    * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
      from NSS.
    * bmo#1687822 - Turn off Websites trust bit for the “Staat der
      Nederlanden Root CA - G3” root cert in NSS.
    * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
      Root - 2008' and 'Global Chambersign Root - 2008'.
    * bmo#1694291 - Tracing fixes for ECH.
  - required for Firefox 88
* Tue Mar 16 2021 Wolfgang Rosenauer <>
  - update to NSS 3.62
    * bmo#1688374 - Fix parallel build NSS-3.61 with make
    * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
      can corrupt "cachedCertTable"
    * bmo#1690583 - Fix CH padding extension size calculation
    * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
    * bmo#1690421 - Install packaged libabigail in docker-builds image
    * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
    * bmo#1674819 - Fixup a51fae403328, enum type may be signed
    * bmo#1681585 - Add ECH support to selfserv
    * bmo#1681585 - Update ECH to Draft-09
    * bmo#1678398 - Add Export/Import functions for HPKE context
    * bmo#1678398 - Update HPKE to draft-07
  - required for Firefox 87
* Sun Feb 28 2021 Sasi Olin <>
  - Add nss-btrfs-sqlite.patch to address bmo#1690232
* Sun Feb 21 2021 Wolfgang Rosenauer <>
  - update to NSS 3.61
    * required for Firefox 86
    * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
      values under certain conditions.
    * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
      with NSS_DISABLE_DBM.
    * bmo#1651411 - Improve constant-timeness in RSA operations.
    * bmo#1677207 - Upgrade Google Test version to latest release.
    * bmo#1654332 - Add aarch64-make target to nss-try.
* Sun Jan 24 2021 Wolfgang Rosenauer <>
  - update to NSS 3.60.1
    Notable changes in NSS 3.60:
    * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
      has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
      implementation. See bmo#1654332 for more information.
    * December 2020 batch of Root CA changes, builtins library updated
      to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
      for more information.
  - removed obsolete ppc-old-abi-v3.patch
* Sun Dec 27 2020 Wolfgang Rosenauer <>
  - update to NSS 3.59.1
    * bmo#1679290 - Fix potential deadlock with certain third-party
      PKCS11 modules
* Tue Dec 01 2020 Wolfgang Rosenauer <>
  - update to NSS 3.59
    Notable changes
    * Exported two existing functions from libnss:
      CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
    * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
    * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
    * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
    * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
    * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
      root certs when SHA1 signatures are disabled.
    * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
      solve some test intermittents
    * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
      our CVE-2020-25648 fix that broke purple-discord
    * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
    * bmo#1667989 - Fix gyp linking on Solaris
    * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
      CERT_AddCertToListTailWithData from libnss
    * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
    * bmo#1663091 - Remove unnecessary assertions in the streaming
      ASN.1 decoder that affected decoding certain PKCS8
      private keys when using NSS debug builds
    * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
* Sun Nov 15 2020 Wolfgang Rosenauer <>
  - update to NSS 3.58
    Bugs fixed:
    * bmo#1641480 (CVE-2020-25648)
      Tighten CCS handling for middlebox compatibility mode.
    * bmo#1631890 - Add support for Hybrid Public Key Encryption
      (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    * bmo#1668328 - Handle spaces in the Python path name when using
      gyp on Windows.
    * bmo#1667153 - Add PK11_ImportDataKey for data object import.
    * bmo#1665715 - Pass the embedded SCT list extension (if present)
      to TrustDomain::CheckRevocation instead of the notBefore value.
* Thu Nov 12 2020 Ludwig Nussel <>
  - install libraries in %{_libdir} (boo#1029961)
* Mon Oct 12 2020 Dominique Leuenberger <>
  - Fix build with RPM 4.16: error: bare words are no longer
    supported, please use "...":  lib64 == lib64.
* Wed Sep 30 2020 Wolfgang Rosenauer <>
  - update to NSS 3.57
    * The following CA certificates were Added:
      bmo#1663049 - CN=Trustwave Global Certification Authority
      SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
      bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
      SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
      bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
      SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
    * The following CA certificates were Removed:
      bmo#1651211 - CN=EE Certification Centre Root CA
      SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
      bmo#1656077 - O=Government Root Certification Authority; C=TW
      SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
    * Trust settings for the following CA certificates were Modified:
      bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
      Websites (server authentication) trust bit removed.
  - requires NSPR 4.29
  - removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
  - introduced _constraints due to high memory requirements especially
    for LTO on Tumbleweed
* Fri Sep 25 2020 Guillaume GARDET <>
  - Add patch to fix build on aarch64 - boo#1176934:
    * nss-freebl-fix-aarch64.patch
* Thu Sep 17 2020 Hans Petter Jansson <>
  - Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
    being moved to deprecated/.
  - Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
    obsolete by upstream changes.
* Thu Sep 10 2020 Charles Robertson <>
  - Modifications for NIST SP 800-56Ar3 compliance. This adds checks
    and restricts Diffie-Hellman parameters in FIPS mode
    New patches:
    * nss-fips-stricter-dh.patch
    * nss-fips-kdf-self-tests.patch
* Tue Sep 08 2020 Wolfgang Rosenauer <>
  - update to NSS 3.56
    Notable changes
    * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
    * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
    * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
    * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
    * bmo#1656986 - Properly detect arm64 during GYP build architecture
    * bmo#1652729 - Add build flag to disable RC2 and relocate to
    * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
    * bmo#1588941 - Send empty certificate message when scheme selection
    * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
    * bmo#1653975 - Fix 3.53 regression by setting "all" as the default
      makefile target.
    * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
    * bmo#1659814 - Fix failures with newer tls-interop
      commit and dependencies.
    * bmo#1656519 - NSPR dependency updated to 4.28
  - do not hard require mozilla-nss-certs-32bit via baselibs
* Sat Aug 22 2020 Wolfgang Rosenauer <>
  - update to NSS 3.55
    Notable changes
    * P384 and P521 elliptic curve implementations are replaced with
      verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
    * PK11_FindCertInSlot is added. With this function, a given slot
      can be queried with a DER-Encoded certificate, providing performance
      and usability improvements over other mechanisms. (bmo#1649633)
    * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
    Relevant Bugfixes
    * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
      P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
    * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
    * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
    * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
      ChaCha20 (which was not functioning correctly) and more strictly
      enforce tag length.
    * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
    * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
    * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
    * bmo#1653202 - Fix initialization bug in blapitest when compiled
    * bmo#1646594 - Fix AVX2 detection in makefile builds.
    * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
      for a DER-encoded certificate.
    * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
    * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
    * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
    * bmo#1649226 - Add Wycheproof ECDSA tests.
    * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
    * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
      signature_algorithms extension.
* Tue Aug 11 2020 Charles Robertson <>
  - Fix for Firefox failing in fips mode (bsc#1174697)
    Updated and rebased patch nss-fips-constructor-self-tests.patch
    Rebased patches:
* Thu Jul 23 2020 Wolfgang Rosenauer <>
  - update to NSS 3.54
    Notable changes
    * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
    * Use ARM Cryptography Extension for SHA256, when available
    * The following CA certificates were Added:
      bmo#1645186 - certSIGN Root CA G2.
      bmo#1645174 - e-Szigno Root CA 2017.
      bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
      bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
    * The following CA certificates were Removed:
      bmo#1645199 - AddTrust Class 1 CA Root.
      bmo#1645199 - AddTrust External CA Root.
      bmo#1641718 - LuxTrust Global Root 2.
      bmo#1639987 - Staat der Nederlanden Root CA - G2.
      bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
      bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
      bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
    * A number of certificates had their Email trust bit disabled.
      See bmo#1618402 for a complete list.
    Bugs fixed
    * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
    * bmo#1603042 - Add TLS 1.3 external PSK support.
    * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
    * bmo#1645186 - Add "certSIGN Root CA G2" root certificate.
    * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate.
    * bmo#1641716 - Add Microsoft's non-EV root certificates.
    * bmo#1621151 - Disable email trust bit for "O=Government
      Root Certification Authority; C=TW" root.
    * bmo#1645199 - Remove AddTrust root certificates.
    * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate.
    * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root
    * bmo#1618402 - Remove Symantec root certificates and disable email trust
    * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
    * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
    * bmo#1642153 - Fix infinite recursion building NSS.
    * bmo#1642638 - Fix fuzzing assertion crash.
    * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
    * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
    * bmo#1643557 - Fix numerous compile warnings in NSS.
    * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
      self-encrypt keys.
    * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
    * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
* Mon Jun 29 2020 Hans Petter Jansson <>
  - Expand nss-fips-fix-missing-nspr.patch to avoid spurious
    initialization attempt of global RNG (bsc#1168669).
* Thu Jun 25 2020 Hans Petter Jansson <>
  - Add nss-fips-fix-missing-nspr.patch (bsc#1168669).
* Wed Jun 17 2020 Martin Sirringhaus <>
  - update to NSS 3.53.1
    * CVE-2020-12402 - Use constant-time GCD and modular inversion
      in MPI (bmo#1631597, bsc#1173032)
* Tue Jun 02 2020 Martin Sirringhaus <>
  - update to NSS 3.53
    Notable changes:
    * When using the Makefiles, NSS can be built in parallel, speeding up
      those builds to more similar performance as the
      system. (bmo#290526)
    * SEED is now moved into a new freebl directory
      freebl/deprecated (Bug 1636389). SEED will be disabled by default in
      a future release of NSS. At that time, users will need to set the
      compile-time flag (bmo#1622033) to disable that deprecation in order
      to use the algorithm.
      Algorithms marked as deprecated will ultimately
      be removed.
    * Several root certificates in the Mozilla program now set
      the CKA_NSS_SERVER_DISTRUST_AFTER attribute, which NSS consumers can
      query to further refine trust decisions. (bmo#1618404, bmo#1621159)
      If a builtin certificate has a CKA_NSS_SERVER_DISTRUST_AFTER timestamp
      before the  SCT or NotBefore date of a certificate that builtin
      issued, then clients can elect not to trust it. This attribute
      provides a more graceful phase-out for certificate authorities than
      complete removal from the root certificate builtin store.
    Bugs fixed
    * Initialize PBE params (ASAN fix) (bmo#1640260)
    * Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs
      (bmo#1621159)
    * PPC64: Correct compilation error between VMX vs. VSX vector
      instructions (bmo#1629414)
    * Fix various compile warnings in NSS (bmo#1639033)
    * Fix a null pointer in security/nss/lib/ssl/sslencode.c:67
    * Fix a null pointer in security/nss/lib/ssl/sslsock.c:4460
    * Avoid multiple definitions of SHA{256,384,512}_* symbols when linking in Firefox on ppc64le (bmo#1638289)
    * Relocate deprecated SEED algorithm (bmo#1636389)
    * lib/ckfw: No such file or directory. Stop. (bmo#1637083)
    * Additional modular inverse test (bmo#1561331)
    * Rework and cleanup gmake builds (bmo#1629553)
    * Remove mkdepend and "depend" make target (bmo#1438431)
    * Support parallel building of NSS when using the Makefiles (bmo#290526)
    * HACL* update after changes in libintvector.h (bmo#1636206)
    * Fix building NSS on Debian s390x, mips64el, and riscv64 (bmo#1636058)
    * Add option to build without SEED (bmo#1622033)
  - Remove upstreamed patches nss-kremlin-ppc64le.patch
    and nss-unit-test-fixes.patch
* Tue May 26 2020 Martin Sirringhaus <>
  - update to NSS 3.52.1
    Notable changes
    * Update NSS to support PKCS#11 v3.0 (bmo#1603628)
    * Support new PKCS #11 v3.0 Message Interface for AES-GCM and
      ChaChaPoly (bmo#1623374)
    * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL*
    * CVE-2020-12399 - Force a fixed length for DSA exponentiation
      (bmo#1631576, bsc#1171978)
  - Set NSS_ENABLE_WERROR=0 in order to fix boo#1169746.
  - update to NSS 3.52:
    * Update NSS to support PKCS #11 v3.0. (bmo#1603628)
      Note: This change modifies the CK_GCM_PARAMS struct to include
      the ulIvBits field which, prior to PKCS #11 v3.0, was
      ambiguously defined and not included in the NSS definition.
      If an application is recompiled with NSS 3.52+, this field
      must be initialized to a value corresponding to ulIvLen.
      Alternatively, defining NSS_PKCS11_2_0_COMPAT will yield the
      old definition. See the bug for more information.
    * Support new PKCS #11 v3.0 Message Interface for AES-GCM and
      ChaChaPoly (bmo#1623374).
    * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from
      HACL* (bmo#1612493).
    * Fix unused variable 'getauxval' error on iOS compilation.
    * Add Softoken functions for FIPS. (bmo#1630721)
    * Fix problem of GYP MSVC builds not producing debug symbol files.
    * Add IKEv1 Quick Mode KDF. (bmo#1629663)
    * MPConfig calls in SSL initialize policy before NSS is initialized.
    * Support temporary session objects in ckfw. (bmo#1629655)
    * Add PKCS11 v3.0 functions to module debug logger. (bmo#1629105)
    * Fix error in generation of fuzz32 docker image after updates.
    * Fix implicit declaration of function 'getopt' error. (bmo#1625133)
    * Allow building of gcm-arm32-neon on non-armv7 architectures.
    * Fix compilation error in Firefox Android. (bmo#1624402)
    * Require CK_FUNCTION_LIST structs to be packed. (bmo#1624130)
    * Fix clang warning for unknown argument '-msse4'. (bmo#1624377)
    * Support new PKCS #11 v3.0 Message Interface for AES-GCM and
      ChaChaPoly. (bmo#1623374)
    * Fix freebl_cpuid for querying Extended Features. (bmo#1623184)
    * Fix argument parsing in lowhashtest. (bmo#1622555)
    * Introduce NSS_DISABLE_GCM_ARM32_NEON to build on arm32 without
      NEON support. (bmo#1620799)
    * Add workaround option to include both DTLS and TLS versions in
      DTLS supported_versions. (bmo#1619102)
    * Update README: TLS 1.3 is not experimental anymore. (bmo#1619056)
    * Fix UBSAN issue in ssl_ParseSessionTicket. (bmo#1618915)
    * Don't assert fuzzer behavior in SSL_ParseSessionTicket.
    * Update Delegated Credentials implementation to draft-07.
    * Update HACL* dependencies for libintvector.h (bmo#1617533)
    * Add vector accelerated SHA2 for POWER 8+. (bmo#1613238)
    * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from
      HACL*. (bmo#1612493)
    * Maintain PKCS11 C_GetAttributeValue semantics on attributes that
      lack NSS database columns. (bmo#1612281)
    * Add Wycheproof RSA test vectors. (bmo#1612260)
    * broken fipstest handling of KI_len. (bmo#1608250)
    * Consistently handle NULL slot/session. (bmo#1608245)
    * Avoid dcache pollution from sdb_measureAccess(). (bmo#1603801)
    * Update NSS to support PKCS #11 v3.0. (bmo#1603628)
    * TLS 1.3 does not work in FIPS mode. (bmo#1561637)
    * Fix overzealous assertion when evicting a cached sessionID or
      using external cache. (bmo#1531906)
    * Fix issue where testlib makefile build produced extraneous object
      files. (bmo#1465613)
    * Properly handle multi-block SEED ECB inputs. (bmo#1619959)
    * Guard all instances of NSSCMSSignedData.signerInfo to avoid a CMS
      crash (bmo#1630925)
    * Name Constraints validation: CN treated as DNS name even when
      syntactically invalid as DNS name (bmo#1571677)
  - update to NSS 3.51.1:
    * Update Delegated Credentials implementation to draft-07
    * Add workaround option to include both DTLS and TLS versions in
      DTLS supported_versions (bmo#1619102)
    * Update README: TLS 1.3 is not experimental anymore
    * Don't assert fuzzer behavior in SSL_ParseSessionTicket
    * Fix UBSAN issue in ssl_ParseSessionTicket (bmo#1618915)
    * Consistently handle NULL slot/session (bmo#1608245)
    * broken fipstest handling of KI_len (bmo#1608250)
    * Update Delegated Credentials implementation to draft-07
  - Add patch nss-kremlin-ppc64le.patch to fix ppc and s390x builds
  - update to NSS 3.51
    * Updated DTLS 1.3 implementation to Draft-34. (bmo#1608892)
    * Correct swapped PKCS11 values of CKM_AES_CMAC and
      CKM_AES_CMAC_GENERAL (bmo#1611209)
    * Complete integration of Wycheproof ECDH test cases (bmo#1612259)
    * Check if PPC __has_include(<sys/auxv.h>) (bmo#1614183)
    * Fix a compilation error for ‘getFIPSEnv’ "defined but not used"
    * Send DTLS version numbers in DTLS 1.3 supported_versions extension
      to avoid an incompatibility. (bmo#1615208)
    * SECU_ReadDERFromFile calls strstr on a string that isn't guaranteed
      to be null-terminated (bmo#1538980)
    * Correct a warning for comparison of integers of different signs:
      'int' and 'unsigned long' in security/nss/lib/freebl/ecl/ecp_25519.c:88
    * Add test for mp_int clamping (bmo#1609751)
    * Don't attempt to read the fips_enabled flag on the machine unless
      NSS was built with FIPS enabled (bmo#1582169)
    * Fix a null pointer dereference in BLAKE2B_Update (bmo#1431940)
    * Fix compiler warning in secsign.c (bmo#1617387)
    * Fix an OpenBSD/arm64 compilation error: unused variable 'getauxval'
    * Fix a crash on unaligned CMACContext.aes.keySchedule when using
      AES-NI intrinsics (bmo#1610687)
  - update to NSS 3.50
    * Verified primitives from HACL* were updated, bringing performance
      improvements for several platforms.
      Note that Intel processors with SSE4 but without AVX are currently
      unable to use the improved ChaCha20/Poly1305 due to a build issue;
      such platforms will fall-back to less optimized algorithms.
      See bmo#1609569 for details
    * Updated DTLS 1.3 implementation to Draft-30.
      See bmo#1599514 for details.
    * Added NIST SP800-108 KBKDF - PKCS#11 implementation.
      See bmo#1599603 for details.
    * Several bugfixes and minor changes
  - Disable LTO on %arm as LTO fails on neon errors
  - update to NSS 3.49.2
    Fixed bugs:
    * Fix compilation problems with NEON-specific code in freebl
    * Fix a taskcluster issue with Python 2 / Python 3 (bmo#1608895)
  - update to NSS 3.49.1
    * Cache the most recent PBKDF2 password hash, to speed up repeated
      SDR operations, important with the increased KDF iteration counts (bmo#1606992)
    * The legacy DBM database, libnssdbm, is no longer built by default
      when using gyp builds (bmo#1594933)
    * several bugfixes
  - update to NSS 3.48
    Notable Changes
    * TLS 1.3 is the default maximum TLS version (bmo#1573118)
    * TLS extended master secret is enabled by default, where possible
    * The master password PBE now uses 10,000 iterations by default when
      using the default sql (key4.db) storage (bmo#1562671)
    Certificate Authority Changes
    * Added Entrust Root Certification Authority - G4 Cert (bmo#1591178)
  - requires NSPR 4.24
* Tue May 19 2020 Hans Petter Jansson <>
  - nss-fips-aes-keywrap-post.patch: Add AES Keywrap POST.
  - nss-fips-constructor-self-tests.patch: Accept EACCES in lieu
    of ENOENT when trying to access /proc/sys/crypto/fips_enabled
* Sun Apr 26 2020 Hans Petter Jansson <>
  - nss-fips-constructor-self-tests.patch: Add Softoken POSTs for
    new DSA and ECDSA hash-and-sign update functions.
* Fri Apr 24 2020 Hans Petter Jansson <>
  - nss-fips-combined-hash-sign-dsa-ecdsa.patch: Add pairwise
    consistency check for CKM_SHA224_RSA_PKCS. Remove ditto checks
    for CKM_RSA_PKCS, CKM_DSA and CKM_ECDSA, since these are served
    by the new CKM_SHA224_RSA_PKCS, CKM_DSA_SHA224, CKM_ECDSA_SHA224
  - nss-fips-constructor-self-tests.patch: Replace bad attempt at
    unconditional nssdbm checksumming with a dlopen(), so it can be
    located consistently and perform its own self-tests.
* Tue Apr 21 2020 Hans Petter Jansson <>
  - Add nss-fix-dh-pkcs-derive-inverted-logic.patch. This fixes an
    instance of inverted logic due to a boolean being mistaken for
    a SECStatus, which caused key derivation to fail when the caller
    provided a valid subprime.
* Fri Apr 17 2020 Hans Petter Jansson <>
  - Add nss-fips-combined-hash-sign-dsa-ecdsa.patch. This implements
    API mechanisms for performing DSA and ECDSA hash-and-sign
    in a single call, which will be required in future FIPS cycles.
* Wed Apr 15 2020 Hans Petter Jansson <>
  - nss-fips-constructor-self-tests.patch: Always perform nssdbm
    checksumming on softoken load, even if nssdbm itself is not
* Mon Apr 06 2020 Hans Petter Jansson <>
  - nss-fips-detect-fips-mode-fixes.patch: Use secure_getenv() to
    avoid PR_GetEnvSecure() being called when NSPR is unavailable,
    resulting in an abort (bsc#1168669).
* Wed Mar 18 2020 Hans Petter Jansson <>
  - Added patches related to FIPS certification:
    * nss-fips-use-getrandom.patch: Use getrandom() to obtain entropy
      where possible.
    * nss-fips-dsa-kat.patch: Make DSA KAT FIPS compliant.
    * nss-fips-pairwise-consistency-check.patch: Use FIPS compliant
      hash when validating keypair.
    * nss-fips-rsa-keygen-strictness.patch: Enforce FIPS requirements
      on RSA key generation.
    * nss-fips-cavs-keywrap.patch,
      nss-fips-cavs-rsa-fixes.patch: Miscellaneous fixes to CAVS
    * nss-fips-gcm-ctr.patch: Enforce FIPS limits on how much data
      can be processed without rekeying.
    * nss-fips-constructor-self-tests.patch: Run self tests on
      library initialization in FIPS mode.
    * nss-fips-approved-crypto-non-ec.patch: Disable non-compliant
      algorithms in FIPS mode (hashes and the SEED cipher).
    * nss-fips-zeroization.patch: Clear various temporary variables
      after use.
    * nss-fips-tls-allow-md5-prf.patch: Allow MD5 to be used in TLS
    * nss-fips-use-strong-random-pool.patch: Preferentially gather
      entropy from /dev/random over /dev/urandom.
    * nss-fips-detect-fips-mode-fixes.patch: Allow enabling FIPS mode
      consistently with NSS_FIPS environment variable.
    * nss-unit-test-fixes.patch: Fix argument parsing bug in
* Wed Dec 04 2019 Martin Sirringhaus <>
  - update to NSS 3.47.1
    * CVE-2019-11745 - EncryptUpdate should use maxout, not block size
    * Fix a crash that could be caused by client certificates during startup
      (bmo#1590495, bsc#1158527)
    * Fix compile-time warnings from uninitialized variables in a perl script
  - update to NSS 3.47
    * Support AES HW acceleration on ARMv8 (bmo#1152625)
    * Allow per-socket run-time ordering of the cipher suites presented
      in ClientHello (bmo#1267894)
    * Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501)
  - update to NSS 3.46.1
    * The following CA certificates were Removed:
      expired Class 2 Primary root certificate
      expired UTN-USERFirst-Client root certificate
      expired Deutsche Telekom Root CA 2 root certificate
      Swisscom Root CA 2 root certificate
    * Significant improvements to AES-GCM performance on ARM
    * Soft token MAC verification not constant time (bmo#1582343)
    * Remove arbitrary HKDF output limit by allocating space as needed
  - update to NSS 3.46
    * CVE-2019-17006 - Add length checks for cryptographic primitives
      (bmo#1539788, bsc#1159819)
    * The following CA certificates were Removed:
      expired Class 2 Primary root certificate
      expired UTN-USERFirst-Client root certificate
      expired Deutsche Telekom Root CA 2 root certificate
      Swisscom Root CA 2 root certificate
    * Significant improvements to AES-GCM performance on ARM
* Mon Jul 15 2019 Martin Sirringhaus <>
  - update to NSS 3.45 (bsc#1141322)
    * New function in pk11pub.h: PK11_FindRawCertsWithSubject
    * The following CA certificates were Removed:
      CN = Certinomis - Root CA (bmo#1552374)
    * Implement Delegated Credentials (draft-ietf-tls-subcerts)
      This adds a new experimental function SSL_DelegateCredential
      Note: In 3.45, selfserv does not yet support delegated
      credentials (See bmo#1548360).
      Note: In 3.45 the SSLChannelInfo is left unmodified,
      while an upcoming change in 3.46 will set
      SSLChannelInfo.authKeyBits to that of the delegated
      credential for better policy enforcement
      (See bmo#1563078).
    * Replace ARM32 Curve25519 implementation with one from
      fiat-crypto (bmo#1550579)
    * Support static linking on Windows (bmo#1551129)
    * Expose a function PK11_FindRawCertsWithSubject for finding
      certificates with a given subject on a given slot
    * Add IPSEC IKE support to softoken (bmo#1546229)
    * Add support for the Elbrus lcc compiler (<=1.23)
    * Expose an external clock for SSL (bmo#1543874)
      This adds new experimental functions: SSL_SetTimeFunc,
      SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and
      The experimental function SSL_InitAntiReplay is removed.
    * Various changes in response to the ongoing FIPS review
      Note: The source package size has increased substantially
      due to the new FIPS test vectors. This will likely
      prompt follow-on work, but please accept our
      apologies in the meantime.
* Fri Jun 28 2019 Charles Robertson <>
  - update to NSS 3.44.1
    * (3.44.1) now required by Firefox 68.0
    New Functionality:
    * Add IPSEC IKE support to softoken (bmo#1546229)
    * Many new FIPS test cases (Note: This has increased the source
      archive by approximately 50 megabytes for this release.)
    Bugs fixed:
    * Optimize away unneeded loop in mpi.c (bmo#1554336)
    * More thorough input checking (bmo#1515342)
    * Don't unnecessarily strip leading 0's from key material during
      PKCS11 import (bmo#1540541)
    * Add a SSLKEYLOGFILE enable/disable flag at
    * Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
    * Updates to testing for FIPS validation (bmo#1546477)
    * Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
    * Unbreak build on GCC < 4.3 big-endian (bmo#1551041)
  - Activate -fPIE -pie during the compile
* Fri May 24 2019 Martin Sirringhaus <>
  - update to NSS 3.44
    * (3.44) required by Firefox 68.0
    New functionality
    * Support XDG basedir specification (bmo#818686)
    * HASH_GetHashOidTagByHashType - convert type HASH_HashType to
      type SECOidTag
    * SSL_SendCertificateRequest - allow server to request
      post-handshake client authentication. To use this both peers
      need to enable the SSL_ENABLE_POST_HANDSHAKE_AUTH option.
    Notable changes
    * The following CA certificates were added:
      CN = emSign Root CA - G1
      CN = emSign ECC Root CA - G3
      CN = emSign Root CA - C1
      CN = emSign ECC Root CA - C3
      CN = Hongkong Post Root CA 3
    Bugs fixed:
    * CVE-2018-18508 (bmo#1507135, bmo#1507174)
      Add additional null checks to several CMS functions to fix a
      rare CMS crash.
    * Improve Gyp build system handling (bmo#1528669, bmo#1529308)
    * Reject invalid CH.legacy_version in TLS 1.3 (bmo#1490006)
    * A fix for Solaris where Firefox 60 core dumps during start when
      using profile from version 52 (bmo#1513913)
    * Improve NSS S/MIME tests for Thunderbird (bmo#1529950, bmo#1521174)
    * If Docker isn't installed, try running a local clang-format as a
      fallback (bmo#1530134)
    * Enable FIPS mode automatically if the system FIPS mode flag is
      set (bmo#1531267)
    * Add a -J option to the strsclnt command to specify
      sigschemes (bmo#1528262)
    * Add manual for nss-policy-check (bmo#1513909)
    * Fix a deref after a null check in SECKEY_SetPublicValue (bmo#1531074)
    * Properly handle ESNI with HRR (bmo#1517714)
    * Expose HKDF-Expand-Label with mechanism (bmo#1529813)
    * Align TLS 1.3 HKDF trace levels (bmo#1535122)
    * Use getentropy on compatible versions of FreeBSD. (bmo#1530102)
* Thu Jan 31 2019
  - update to NSS 3.41.1
    * (3.41) required by Firefox 65.0
    New functionality
    * Implemented EKU handling for IPsec IKE. (bmo#1252891)
    * Enable half-closed states for TLS. (bmo#1423043)
    * Enabled the following ciphersuites by default: (bmo#1493215)
    Notable changes
    * The following CA certificates were added:
      CN = Certigna Root CA
      CN = GTS Root R1
      CN = GTS Root R2
      CN = GTS Root R3
      CN = GTS Root R4
      CN = UCA Global G2 Root
      CN = UCA Extended Validation Root
    * The following CA certificates were removed:
      CN = AC Raíz Certicámara S.A.
      CN = Certplus Root CA G1
      CN = Certplus Root CA G2
      CN = OpenTrust Root CA G1
      CN = OpenTrust Root CA G2
      CN = OpenTrust Root CA G3
    Bugs fixed
    * Reject empty supported_signature_algorithms in Certificate
      Request in TLS 1.2 (bmo#1412829)
    * Cache side-channel variant of the Bleichenbacher attack (bmo#1485864)
    * Resend the same ticket in ClientHello after HelloRetryRequest (bmo#1481271)
    * Set session_id for external resumption tokens (bmo#1493769)
    * Reject CCS after handshake is complete in TLS 1.3 (bmo#1507179)
    * Add additional null checks to several CMS functions to fix a rare
      CMS crash. (bmo#1507135, bmo#1507174) (3.41.1)
  - removed obsolete patches
* Thu Jan 10 2019
  - hmac packages inadvertently removed in last update: re-added.
  - Added "Suggest:" for libfreebl3 and libsoftokn3 respective -hmac
      packages to avoid dependency issues during updates
      (bsc#1090767, bsc#1121045)
* Thu Dec 13 2018
  - update to NSS 3.40.1
    * required by Firefox 64.0
    * patch release fixes CVE-2018-12404
    Notable bug fixes
    * FFDHE key exchange sometimes fails with decryption failure (bmo#1478698)
    New functionality
    * The draft-00 version of encrypted SNI support is implemented
    * tstclnt now takes -N option to specify encrypted SNI key
    Notable changes
    * The mozilla::pkix library has been ported from Mozilla PSM to NSS.
      This is a C++ library for building certification paths.
      mozilla::pkix APIs are not exposed in the libraries NSS builds.
    * It is easier to build NSS on Windows in mozilla-build environments
    * The following CA certificates were Removed:
      CN = Visa eCommerce Root
* Mon Oct 29 2018
  - update to NSS 3.39
    * required by Firefox 63.0
    Notable bug fixes
    * NSS responded to an SSLv2-compatible ClientHello with a
      ServerHello that had an all-zero random (CVE-2018-12384) (bmo#1483128)
    New functionality
    * The tstclnt and selfserv utilities added support for configuring
      the enabled TLS signature schemes using the -J parameter.
    * NSS will use RSA-PSS keys to authenticate in TLS. Support for
      these keys is disabled by default but can be enabled using
    * certutil added the ability to delete an orphan private key from
      an NSS key database.
    * Added the nss-policy-check utility, which can be used to check
      an NSS policy configuration for problems.
    * A PKCS#11 URI can be used as an identifier for a PKCS#11 token.
    Notable changes
    * The TLS 1.3 implementation uses the final version number from
      RFC 8446.
    * Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
      where the DigestInfo structure was missing the NULL parameter.
      Starting with version 3.39, NSS requires the encoding to contain
      the NULL parameter.
    * The tstclnt and selfserv test utilities no longer accept the -z
      parameter, as support for TLS compression was removed in a
      previous NSS version.
    * The CA certificates list was updated to version 2.26.
    * The following CA certificates were Added:
    - OU = GlobalSign Root CA - R6
    - CN = OISTE WISeKey Global Root GC CA
    * The following CA certificate was Removed:
    - CN = ComSign
    * The following CA certificates had the Websites trust bit disabled:
    - CN = Certplus Root CA G1
    - CN = Certplus Root CA G2
    - CN = OpenTrust Root CA G1
    - CN = OpenTrust Root CA G2
    - CN = OpenTrust Root CA G3
  - enable PIE support for the included binaries
  - update to NSS 3.38
    * required by Firefox 62.0
    New Functionality
    * Added support for the TLS Record Size Limit Extension
    * When creating a certificate request (CSR) using certutil -R, an
      existing orphan private key can be reused. Parameter -k may be
      used to specify the ID of an existing orphan key. The available
      orphan key IDs can be displayed using command certutil -K.
    * When using certutil -O to print the chain for a given certificate
      nickname, the new parameter --simple-self-signed may be provided,
      which can avoid ambiguous output in some scenarios.
    New Functions
    * SECITEM_MakeItem - Allocate and make an item with the requested contents
    New Macros
    * SSL_RECORD_SIZE_LIMIT - used to control the TLS Record Size Limit
      Extension (in ssl.h)
    Notable Changes
    * Fixed CVE-2018-0495 (bmo#1464971)
    * Various security fixes in the ASN.1 code
    * NSS automatically enables caching for SQL database storage on
      Linux, if it is located on a network filesystem that's known to
      benefit from caching.
    * When repeatedly importing the same certificate into an SQL database,
      the existing nickname will be kept.
  - update to NSS 3.37.3
    * required by Firefox 61.0
    Notable changes:
    * The TLS 1.3 implementation was updated to Draft 28.
    * Added HACL* Poly1305 32-bit
    * The code to support the NPN protocol has been fully removed.
    * NSS allows servers now to register ALPN handling callbacks to
      select a protocol.
    * NSS supports opening SQL databases in read-only mode.
    * On Linux, some build configurations can use glibc's function
      getentropy(), which uses the kernel's getrandom() function.
    * The CA list was updated to version 2.24, which removed the
      following CA certificates:
    - CN = S-TRUST Universal Root CA
    - CN = TC TrustCenter Class 3 CA II
    - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
    * Fix build on armv6/armv7 and other platforms (bmo#1459739)
  - Set USE_64 on riscv64
* Thu Jun 07 2018
  - update to NSS 3.36.4
    * required for Firefox 60.0.2 (bsc#1096515)
    * Fix crash on macOS related to authentication tokens, e.g. PK11 or
      WebAuthn. (bmo#1461731)
    Bugfixes from 3.36.2
    * Connecting to a server that was recently upgraded to TLS 1.3
      would result in a SSL_RX_MALFORMED_SERVER_HELLO error. (bmo#1462303)
    * Fix a rare bug with PKCS#12 files. (bmo#1460673)
  - use relro linker option (add-relro-linker-option.patch)
* Tue Apr 24 2018
  - update to NSS 3.36.1
    Notable changes
    * In NSS version 3.35 the iteration count in optimized builds,
      which is used for password based encryption algorithm related to
      encrypted PKCS#7 or PKCS#12 data, was increased to one million
      iterations. That change had caused an interoperability regression
      with operating systems that are limited to 600 K iterations.
      NSS 3.36.1 has been changed to use the same 600 K limit.
    Bugs fixed
    * Certain smartcard operations could result in a deadlock.
* Thu Mar 15 2018
  - update to NSS 3.36
    New functionality
    * Experimental APIs for TLS session cache handling
    Notable Changes
    * Replaces existing vectorized ChaCha20 code with verified
      HACL* implementation.
  - Removed patch as no longer needed: renegotiate-transitional.patch
    upstream fix
* Thu Feb 08 2018
  - update to NSS 3.35
    New functionality
    * TLS 1.3 support has been updated to draft -23. This includes a
      large number of changes since 3.34, which supported only draft
      -18. See below for details.
    New Types
    * SSLHandshakeType - The type of a TLS handshake message.
    * For the SSLSignatureScheme enum, the enumerated values
      ssl_sig_rsa_pss_sha* are deprecated in response to a change in
      TLS 1.3.  Please use the equivalent ssl_sig_rsa_pss_rsae_sha*
      for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys.
      Note that this release does not include support for the latter.
    Notable Changes
    * Previously, NSS used the DBM file format by default. Starting
      with version 3.35, NSS uses the SQL file format by default.
      Additional information can be found on this Fedora Linux project
    * Added formally verified implementations of non-vectorized Chacha20
      and non-vectorized Poly1305 64-bit.
    * For stronger security, when creating encrypted PKCS#7 or PKCS#12 data,
      the iteration count for the password based encryption algorithm
      has been increased to one million iterations. Note that debug builds
      will use a lower count, for better performance in test environments.
    * NSS 3.30 had introduced a regression, preventing NSS from reading
      some AES encrypted data, produced by older versions of NSS.
      NSS 3.35 fixes this regression and restores the ability to read
      affected data.
    * The following CA certificates were Removed:
      OU = Security Communication EV RootCA1
      CN = CA Disig Root R1
      CN = DST ACES CA X6
      Subject CN = VeriSign Class 3 Secure Server CA - G2
    * The Websites (TLS/SSL) trust bit was turned off for the following
      CA certificates:
      CN = Chambers of Commerce Root
      CN = Global Chambersign Root
    * TLS servers are able to handle a ClientHello statelessly, if the
      client supports TLS 1.3.  If the server sends a HelloRetryRequest,
      it is possible to discard the server socket, and make a new socket
      to handle any subsequent ClientHello. This better enables stateless
      server operation. (This feature is added in support of QUIC, but it
      also has utility for DTLS 1.3 servers.)
    * The tstclnt utility now supports DTLS, using the -P option.  Note that
      a DTLS server is also provided in tstclnt.
    * TLS compression is no longer possible with NSS. The option can be
      enabled, but NSS will no longer negotiate compression.
    * The signatures of functions SSL_OptionSet, SSL_OptionGet,
      SSL_OptionSetDefault and SSL_OptionGetDefault have been modified,
      to take a PRIntn argument rather than PRBool. This makes it clearer
      that options can have values other than 0 or 1.  Note this does
      not affect ABI compatibility, because PRBool is a typedef for PRIntn.
* Tue Jan 09 2018
  - update to NSS 3.34.1
    Changes in 3.34:
    Notable changes
    * The following CA certificates were Added:
      GDCA TrustAUTH R5 ROOT
      Root Certification Authority RSA
      Root Certification Authority ECC
      EV Root Certification Authority RSA R2
      EV Root Certification Authority ECC
      TrustCor RootCert CA-1
      TrustCor RootCert CA-2
      TrustCor ECA-1
    * The following CA certificates were Remove