Introduction

Network Security Services (NSS) 3.27.1 is a patch release for NSS 3.27.

Distribution Information

The HG tag is NSS_3_27_1_RTM. NSS 3.27.1 requires NSPR 4.13 or newer.

NSS 3.27.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.27.1

New Functionality

No new functionality is introduced in this release. This is a patch release to address a TLS compatibility issue which some applications experienced with NSS 3.27.

Notable Changes in NSS 3.27.1

Availability of the TLS 1.3 (draft) implementation has been re-disabled in the default build.

Previous versions of NSS made TLS 1.3 (draft) available only when compiled with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the maximum version used by default remained TLS 1.2.

However, some applications query the list of protocol versions that are supported by the NSS library, enabling all supported TLS protocol versions. Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused those applications to enable TLS 1.3 (draft). This resulted in connectivity failures, as some TLS servers are version 1.3 intolerant, and failed to negotiate an earlier TLS version with NSS 3.27 clients.

NSS 3.27.1 once again requires NSS_ENABLE_TLS_1_3 to be deliberately set to enable TLS 1.3 (draft).

Bugs fixed in NSS 3.27.1

Compatibility

NSS 3.27.1 shared libraries are backwards compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.27.1 shared libraries without recompiling or relinking. Applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).