You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

NSS 3.11.4 Release Notes

17 November 2006




Network Security Services (NSS) 3.11.4 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.4 are described in the "Bugs Fixed" section below.

Distribution Information

The CVS tag for the NSS 3.11.4 release is NSS_3_11_4_RTM.  NSS 3.11.4 requires NSPR 4.6.4.

See the Documentation section for the build instructions.

NSS 3.11.4 source and binary distributions are also available on for secure HTTPS download:

You also need to download the NSPR 4.6.4 binary distributions to get the NSPR 4.6.4 header files and shared libraries, which NSS 3.11.4 requires. NSPR 4.6.4 binary distributions are in

New in NSS 3.11.4

  • libssl had the following added functions in 3.11.4:
    • SSL_ForceHandshakeWithTimeout (see ssl.h)
      SSL_ReHandshakeWithTimeout (see ssl.h)

Bugs Fixed

The following bugs have been fixed in NSS 3.11.4.
  • Bug 115951: freebl dynamic library is never unloaded by libsoftoken or libssl. Also tiny one-time leak in freebl's loader.c.
  • Bug 127960: SSL force handshake function should take a timeout.
  • Bug 335454: Unable to find library '' on HP-UX 64 bit.
  • Bug 350200: Implement DHMAC based POP (ProofOfPossession).
  • Bug 351482: audit_log_user_message doesn't exist in all versions of (the "paranoia patch")
  • Bug 352041: oom [@ CERT_DecodeDERCrlWithFlags] "extended" tracked as NULL was dereferenced.
  • Bug 353422: Klocwork bugs in nss/lib/crmf.
  • Bug 353475: Cannot run cmd tools compiled with VC++ 2005.
  • Bug 353572: leak in sftk_OpenCertDB.
  • Bug 353608: NSS_RegisterShutdown may fail, and appData argument to callbacks is always NULL.
  • Bug 353749: PowerUpSelf tests update for DSA and ECDSA KAT.
  • Bug 353896: Building tip with NSS_ECC_MORE_THAN_SUITE_B causes crashes in
  • Bug 353910: memory leak in RNG_RNGInit.
  • Bug 354313: STAN_GetCERTCertificateName leaks "instance" struct.
  • Bug 354384: vfyserv shutdown failure when client auth requested.
  • Bug 354900: Audit modifications, accesses, deletions, and additions of cryptographic keys.
  • Bug 355297: Improve the very first RNG_RandomUpdate call.
  • Bug 356073: C_GetTokenInfo should return CKR_CRYPTOKI_NOT_INITIALIZED if not initialized.
  • Bug 356309: CertVerifyLog in CERT_VerifyCertificate terminates early on expired certs.
  • Bug 357197: OCSP response code fails to match CERTIds. (hot fix only)
  • Bug 359484: FireFox 2 tries to negotiate ECC cipher suites using ssl2 client hello. (hot fix only)
  • Bug 360818: No RPATH set for signtool and signver.


For a list of the primary NSS documentation pages on, see NSS Documentation. New and revised documents available since the release of NSS 3.9 include the following:


NSS 3.11.4 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.11.4 shared libraries without recompiling or relinking.  Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.


Bugs discovered should be reported by filing a bug report with Bugzilla (product NSS).