NSS 3.4.3 Release Notes
4 March 2003
IntroductionNetwork Security Services (NSS) 3.4.3 is a patch release for NSS 3.4. Please refer to the NSS 3.4 Release Notes for the common information. The bug fixes in NSS 3.4.3 are described in the "Bugs Fixed" section below.
Distribution InformationThe CVS tag for the NSS 3.4.3 release is NSS_3_4_3_RTM. NSS 3.4.3 requires NSPR 4.1.2 or later.
Bugs FixedThe following bugs have been fixed in NSS 3.4.3.
160207: SSL/TLS attack on block cipher padding in CBC mode.
- Bug 160635:
CRL lookup consumes too much memory, and leaks some.
- Bug 166893: Cert value is corrupted in Token Cache after import.
- Bug 166894: Changing trust on a token cert causes a failure.
- Bug 168309: certutil fails with list everything in the hardware token.
DocumentationFor a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.3.1 include the following:
- Build Instructions for NSS 3.4.3 describe the new NSS 3.4.3 CVS tag and other minor changes since NSS 3.4.2.
CompatibilityNSS 3.4.3 shared libraries are backward compatible with NSS 3.4.2, NSS 3.4.1, NSS 3.4, NSS 3.3.x, and NSS 3.2.x shared libraries. A program linked with NSS 3.4.2, NSS 3.4.1, NSS 3.4, NSS 3.3.x, or 3.2.x shared libraries will work with NSS 3.4.3 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS 3.4 Public Functions will remain compatible with future versions of the NSS shared libraries.
FeedbackBugs discovered should be reported by filing a bug report with bugzilla (product NSS).
You can also give feedback directly to the developers on the IRC channel
#mozcrypto on the server irc.mozilla.org.