Network Security Services (NSS) 3.71 was released on 30 September 2021.
The HG tag is NSS_3_71_RTM. This version of NSS requires NSPR 4.32 or newer.
NSS 3.71 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_71_RTM/src/>
Changes:
- Bug 1717716 - Set nssckbi version number to 2.52.
- Bug 1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Bug 1373716 - Import of PKCS#12 files with Camellia encryption is not supported
- Bug 1717707 - Add HARICA Client ECC Root CA 2021.
- Bug 1717707 - Add HARICA Client RSA Root CA 2021.
- Bug 1717707 - Add HARICA TLS ECC Root CA 2021.
- Bug 1717707 - Add HARICA TLS RSA Root CA 2021.
- Bug 1728394 - Add TunTrust Root CA certificate to NSS.
-------------------------------------
Network Security Services (NSS) 3.70 was released on 4 September 2021.
The HG tag is NSS_3_70_RTM. This version of NSS requires NSPR 4.32 or newer.
NSS 3.70 source distributions are available on ftp.mozilla.org for secure HTTPS download: <https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_70_RTM/src/>
Changes:
- Documentation: release notes for NSS 3.70.
- Documentation: release notes for NSS 3.69.1.
- Bug 1726022 - Update test case to verify fix.
- Bug 1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Bug 1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Formatting for lib/util
- Bug 1681975 - Avoid using a lookup table in nssb64d.
- Bug 1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
- Bug 1714579 - Change default value of enableHelloDowngradeCheck to true.
- Formatting for gtests/pk11_gtest/pk11_hpke_unittest.cc
- Bug 1726022 - Cache additional PBE entries.
- Bug 1709750 - Read HPKE vectors from official JSON.
- Documentation: update for NSS 3.69 release.
Using the %__make macro makes it possible for an alternative buildroot
to inject its own flags into the make invocation. This makes it easier
to do trial rebuilds of fedora using different compilers or different
compiler flags.
I tried an uncached build of nss on Fedora 30 VM with 8 CPU cores
and the build time was reduced with this patch from 540 s to 250 s
of wall-clock time.