Introduction

The Network Security Services (NSS) team has released NSS 3.24, which is a minor release.

Distribution information

The hg tag is NSS_3_24_RTM. NSS 3.24 requires Netscape Portable Runtime (NSPR) 4.12 or newer.

NSS 3.24 source distributions are available on ftp.mozilla.org for secure HTTPS download:

• Source tarballs:
  https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_24_RTM/src/

New in NSS 3.24

NSS 3.24 includes two NSS softoken updates, a new function to configure SSL/TLS server sockets, and two functions to improve the use of temporary arenas.

New functionality

• NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015):
  • Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS.
  • Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow.
  • Additional CSPs are zeroed in the code.
  • NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size.
• NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse.
• A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert.  Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version.
• For functions that use temporary arenas, allocating a PORTCheapArena on the stack is more performant than allocating a PLArenaPool on the heap. Rather than declaring a PLArenaPool pointer and calling PORT_NewArena/PORT_FreeArena to allocate or free an instance on the heap, declare a PORTCheapArenaPool on the stack and use PORT_InitCheapArena/PORT_DestroyCheapArena to initialize and destroy it. Items allocated from the arena are still created on the heap, only the arena itself is stack-allocated. Note: This approach is only useful when the arena use is tightly bounded, for example, if it is only used in a single function.

New elements

This section lists and briefly describes the new functions, types, and macros in NSS 3.24.

New functions

• In ssl.h
  • SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate, private key, and other information.
• In secport.h
  • PORT_InitCheapArena - Initializes an arena that was created on the stack. (See PORTCheapArenaPool.)
  • PORT_DestroyCheapArena - Destroys an arena that was created on the stack. (See PORTCheapArenaPool.)

New types

• In sslt.h
  • SSLExtraServerCertData - Optionally passed as an argument to SSL_ConfigServerCert. This struct contains supplementary information about a certificate, such as the intended type of the certificate, stapled OCSP responses, or Signed Certificate Timestamps (used for certificate transparency).
• In secport.h
  • PORTCheapArenaPool - A stack-allocated arena pool, to be used for temporary arena allocations.

New macros

• In pkcs11t.h
  • CKM_TLS12_MAC
• In secoidt.h
  • SEC_OID_TLS_ECDHE_PSK - This OID governs the use of the TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is used only for session resumption in TLS 1.3.

Notable changes in NSS 3.24

Additions, deprecations, and other changes in NSS 3.24 are listed below.

• Deprecate the following functions. (Applications should instead use the new SSL_ConfigServerCert function.)
  • SSL_SetStapledOCSPResponses
  • SSL_SetSignedCertTimestamps
  • SSL_ConfigSecureServer
  • SSL_ConfigSecureServerWithCertChain
• Deprecate the NSS_FindCertKEAType function, as it reports a misleading value for certificates that might be used for signing rather than key exchange.
• Update SSLAuthType to define a larger number of authentication key types.
• Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType.
• Rename ssl_auth_rsa to ssl_auth_rsa_decrypt.
• Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH.
• Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages.
• Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS.
• Update NSS to protect it against the Cachebleed attack.
• Disable support for DTLS compression.
• Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use.

Bugs fixed in NSS 3.24

This Bugzilla query returns all the bugs fixed in NSS 3.24:

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.24

Acknowledgements

The NSS development team would like to thank Yuval Yarom for responsibly disclosing the Cachebleed attack by providing advance copies of their research.

Compatibility

NSS 3.24 shared libraries are backward-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.24 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).