OLD | NEW |
---|---|
1 Name: Network Security Services (NSS) | 1 Name: Network Security Services (NSS) |
2 URL: http://www.mozilla.org/projects/security/pki/nss/ | 2 URL: http://www.mozilla.org/projects/security/pki/nss/ |
3 Version: 3.15.5 Beta 2 | 3 Version: 3.18 RTM |
4 Security Critical: Yes | 4 Security Critical: Yes |
5 License: MPL 2 | 5 License: MPL 2 |
6 License File: NOT_SHIPPED | 6 License File: NOT_SHIPPED |
7 | 7 |
8 This directory includes a copy of NSS's libssl from the hg repo at: | 8 This directory includes a copy of NSS's libssl from the hg repo at: |
9 https://hg.mozilla.org/projects/nss | 9 https://hg.mozilla.org/projects/nss |
10 | 10 |
11 The same module appears in crypto/third_party/nss (and third_party/nss on some | 11 The same module appears in crypto/third_party/nss (and third_party/nss on some |
12 platforms), so we don't repeat the license file here. | 12 platforms), so we don't repeat the license file here. |
13 | 13 |
14 The snapshot was updated to the hg tag: NSS_3_15_5_BETA2 | 14 The snapshot was updated to the hg tag: NSS_3_18_RTM |
15 | 15 |
16 Patches: | 16 Patches: |
17 | 17 |
18 * Cache the peer's intermediate CA certificates in session ID, so that | 18 * Cache the peer's intermediate CA certificates in session ID, so that |
19 they're available when we resume a session. | 19 they're available when we resume a session. |
20 patches/cachecerts.patch | 20 patches/cachecerts.patch |
21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 | 21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 |
22 | 22 |
23 * Add support for client auth with native crypto APIs on Mac and Windows. | 23 * Add support for client auth with native crypto APIs on Mac and Windows. |
24 patches/clientauth.patch | 24 patches/clientauth.patch |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
76 https://bugzilla.mozilla.org/show_bug.cgi?id=764646 | 76 https://bugzilla.mozilla.org/show_bug.cgi?id=764646 |
77 | 77 |
78 * Support the Certificate Transparency (RFC 6962) TLS extension | 78 * Support the Certificate Transparency (RFC 6962) TLS extension |
79 signed_certificate_timestamp (client only). | 79 signed_certificate_timestamp (client only). |
80 patches/signedcertificatetimestamps.patch | 80 patches/signedcertificatetimestamps.patch |
81 https://bugzilla.mozilla.org/show_bug.cgi?id=944175 | 81 https://bugzilla.mozilla.org/show_bug.cgi?id=944175 |
82 | 82 |
83 * Add a function to allow the cipher suites preference order to be set. | 83 * Add a function to allow the cipher suites preference order to be set. |
84 patches/cipherorder.patch | 84 patches/cipherorder.patch |
85 | 85 |
86 * Add TLS_FALLBACK_SCSV cipher suite to version fallback connections. | |
87 patches/fallbackscsv.patch | |
88 | |
89 * Add explicit functions for managing the SSL/TLS session cache. | 86 * Add explicit functions for managing the SSL/TLS session cache. |
90 This is a temporary workaround until Chromium migrates to NSS's | 87 This is a temporary workaround until Chromium migrates to NSS's |
91 asynchronous certificate verification. | 88 asynchronous certificate verification. |
92 patches/sessioncache.patch | 89 patches/sessioncache.patch |
93 | 90 |
94 * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs | 91 * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs |
95 in the lock rank checking code in PRRWLock. | 92 in the lock rank checking code in PRRWLock. |
96 patches/nssrwlock.patch | 93 patches/nssrwlock.patch |
97 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 | 94 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 |
98 | 95 |
99 * Use the IANA-assigned value for the TLS padding extension. | 96 * Make the build metadata deterministic |
100 patches/paddingextvalue.patch | 97 patches/removebuildmetadata.patch |
101 https://bugzilla.mozilla.org/show_bug.cgi?id=994883 | |
102 | |
103 * Move the signature_algorithms extension to the end of the extension list. | |
104 This works around a bug in WebSphere Application Server 7.0 which is | |
105 intolerant to the final extension having zero length. | |
106 patches/reorderextensions.patch | |
davidben
2015/04/03 19:06:18
This patch wasn't dropped.
| |
107 | |
108 * Ignore out-of-order DTLS ChangeCipherSpec. | |
109 patches/ignorechangecipherspec.patch | |
110 https://bugzilla.mozilla.org/show_bug.cgi?id=1009227 | |
111 | |
112 * Implement server-side components of ALPN (RFC 7301). | |
113 patches/alpnserver.patch | |
114 https://bugzilla.mozilla.org/show_bug.cgi?id=996250 | |
115 | 98 |
116 Apply the patches to NSS by running the patches/applypatches.sh script. Read | 99 Apply the patches to NSS by running the patches/applypatches.sh script. Read |
117 the comments at the top of patches/applypatches.sh for instructions. | 100 the comments at the top of patches/applypatches.sh for instructions. |
118 | 101 |
119 The ssl/bodge directory contains files taken from the NSS repo that we required | 102 The ssl/bodge directory contains files taken from the NSS repo that we required |
120 for building libssl outside of its usual build environment. | 103 for building libssl outside of its usual build environment. |
OLD | NEW |