OLD | NEW |
| (Empty) |
1 Name: Network Security Services (NSS) | |
2 URL: http://www.mozilla.org/projects/security/pki/nss/ | |
3 Version: 3.15.5 Beta 2 | |
4 Security Critical: Yes | |
5 License: MPL 2 | |
6 License File: NOT_SHIPPED | |
7 | |
8 This directory includes a copy of NSS's libssl from the hg repo at: | |
9 https://hg.mozilla.org/projects/nss | |
10 | |
11 The same module appears in crypto/third_party/nss (and third_party/nss on some | |
12 platforms), so we don't repeat the license file here. | |
13 | |
14 The snapshot was updated to the hg tag: NSS_3_15_5_BETA2 | |
15 | |
16 Patches: | |
17 | |
18 * Cache the peer's intermediate CA certificates in session ID, so that | |
19 they're available when we resume a session. | |
20 patches/cachecerts.patch | |
21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 | |
22 | |
23 * Add support for client auth with native crypto APIs on Mac and Windows. | |
24 patches/clientauth.patch | |
25 ssl/sslplatf.c | |
26 | |
27 * Add a function to export whether the last handshake on a socket resumed a | |
28 previous session. | |
29 patches/didhandshakeresume.patch | |
30 https://bugzilla.mozilla.org/show_bug.cgi?id=731798 | |
31 | |
32 * Add function to retrieve TLS client cert types requested by server. | |
33 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 | |
34 patches/getrequestedclientcerttypes.patch | |
35 | |
36 * Add a function to restart a handshake after a client certificate request. | |
37 patches/restartclientauth.patch | |
38 | |
39 * Add support for TLS Channel IDs | |
40 patches/channelid.patch | |
41 | |
42 * Add support for extracting the tls-unique channel binding value | |
43 patches/tlsunique.patch | |
44 https://bugzilla.mozilla.org/show_bug.cgi?id=563276 | |
45 | |
46 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock. | |
47 This change was made in https://chromiumcodereview.appspot.com/10454066. | |
48 patches/secretexporterlocks.patch | |
49 | |
50 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS | |
51 versions older than 3.15 report an EC key size range of 112 bits to 571 | |
52 bits, even when it is compiled to support only the NIST P-256, P-384, and | |
53 P-521 curves. Remove this patch when all system NSS softoken packages are | |
54 NSS 3.15 or later. | |
55 patches/suitebonly.patch | |
56 | |
57 * Define the SECItemArray type and declare the SECItemArray handling | |
58 functions, which were added in NSS 3.15. Remove this patch when all system | |
59 NSS packages are NSS 3.15 or later. | |
60 patches/secitemarray.patch | |
61 | |
62 * Update Chromium-specific code for TLS 1.2. | |
63 patches/tls12chromium.patch | |
64 | |
65 * Add Chromium-specific code to detect AES GCM support in the system NSS | |
66 libraries at run time. Remove this patch when all system NSS packages are | |
67 NSS 3.15 or later. | |
68 patches/aesgcmchromium.patch | |
69 | |
70 * Support ChaCha20+Poly1305 ciphersuites | |
71 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 | |
72 patches/chacha20poly1305.patch | |
73 | |
74 * Fix session cache lock creation race. | |
75 patches/cachelocks.patch | |
76 https://bugzilla.mozilla.org/show_bug.cgi?id=764646 | |
77 | |
78 * Support the Certificate Transparency (RFC 6962) TLS extension | |
79 signed_certificate_timestamp (client only). | |
80 patches/signedcertificatetimestamps.patch | |
81 https://bugzilla.mozilla.org/show_bug.cgi?id=944175 | |
82 | |
83 * Add a function to allow the cipher suites preference order to be set. | |
84 patches/cipherorder.patch | |
85 | |
86 * Add TLS_FALLBACK_SCSV cipher suite to version fallback connections. | |
87 patches/fallbackscsv.patch | |
88 | |
89 * Add explicit functions for managing the SSL/TLS session cache. | |
90 This is a temporary workaround until Chromium migrates to NSS's | |
91 asynchronous certificate verification. | |
92 patches/sessioncache.patch | |
93 | |
94 * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs | |
95 in the lock rank checking code in PRRWLock. | |
96 patches/nssrwlock.patch | |
97 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 | |
98 | |
99 * Use the IANA-assigned value for the TLS padding extension. | |
100 patches/paddingextvalue.patch | |
101 https://bugzilla.mozilla.org/show_bug.cgi?id=994883 | |
102 | |
103 * Move the signature_algorithms extension to the end of the extension list. | |
104 This works around a bug in WebSphere Application Server 7.0 which is | |
105 intolerant to the final extension having zero length. | |
106 patches/reorderextensions.patch | |
107 | |
108 * Ignore out-of-order DTLS ChangeCipherSpec. | |
109 patches/ignorechangecipherspec.patch | |
110 https://bugzilla.mozilla.org/show_bug.cgi?id=1009227 | |
111 | |
112 * Implement server-side components of ALPN (RFC 7301). | |
113 patches/alpnserver.patch | |
114 https://bugzilla.mozilla.org/show_bug.cgi?id=996250 | |
115 | |
116 Apply the patches to NSS by running the patches/applypatches.sh script. Read | |
117 the comments at the top of patches/applypatches.sh for instructions. | |
118 | |
119 The ssl/bodge directory contains files taken from the NSS repo that we required | |
120 for building libssl outside of its usual build environment. | |
OLD | NEW |