05db003205
New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate). Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=216 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
baselibs.conf | ||
cert9.db | ||
key4.db | ||
malloc.patch | ||
mozilla-nss-rpmlintrc | ||
mozilla-nss.changes | ||
mozilla-nss.spec | ||
nss-3.24.tar.gz | ||
nss-config.in | ||
nss-disable-ocsp-test.patch | ||
nss-no-rpath.patch | ||
nss-opt.patch | ||
nss-sqlitename.patch | ||
nss.pc.in | ||
pkcs11.txt | ||
renegotiate-transitional.patch | ||
setup-nsssysinit.sh | ||
system-nspr.patch |