f2c3469da1
New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
This code is not ready for production use.
New functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new
ServerRandom anti-downgrade mechanism. Clients that perform a
version downgrade (which is generally a very bad idea) call this
with the highest version number that they possibly support.
This gives them access to the version downgrade protection from
TLS 1.3.
Notable changes:
* The copy of SQLite shipped with NSS has been updated to version
3.10.2
* The list of TLS extensions sent in the TLS handshake has been
reordered to increase compatibility of the Extended Master Secret
with with servers
* The build time environment variable NSS_ENABLE_ZLIB has been
renamed to NSS_SSL_ENABLE_ZLIB
* The build time environment variable NSS_DISABLE_CHACHAPOLY was
added, which can be used to prevent compilation of the
ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=212