NSS 3.2.1 Release Notes
6 April 2001
Newsgroup:
mozilla.dev.tech.crypto
Engineering lead:
Bob Relyea
Product manager:
Roland Jones
Engineering manager:
Wan-Teh Chang
Contents
- Introduction
- Distribution Information
- Bugs Fixed
- Documentation
- Changes Since NSS 3.2
- Platform Information
-
Known Bugs and Issues
- Compatibility
- Feedback
Introduction
NSS 3.2.1 provides improved SSL performance and fixes bugs in pk12util and some certificate query operations. It also facilitates simplified build instructions; for details, see Build Instructions for NSS 3.2.1 Release.
This document describes the NSS 3.2.1 release only. For detailed information about NSS 3.2, including changes since NSS 3.1.1, see NSS 3.2 Release Notes.
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. These libraries provide the security foundation for a variety of server products from iPlanet E-Commerce Solutions, including iPlanet Certificate Management System, iPlanet Web Server, iPlanet Directory Server, and iPlanet Messaging Server.
The NSS libraries also underlie Personal Security Manager (PSM), which performs cryptographic operations on behalf of Netscape Communicator, Netscape 6, and other client applications.
In early 2000, we contributed NSS to the open source community. All the code that we could publish was released as NSS 3.0 on mozilla.org. In October of 2000, we released NSS 3.1, a complete version of NSS that included support for the RSA algorithm. A major drawback of NSS 3.1 was that it did not perform as well as NSS 2.83 on some hardware platforms. In December of 2000, we released NSS 3.1.1, which fixed several bugs in NSS 3.1, including a bug related to prime number generation.
In March of 2001 we released NSS 3.2, which provided improved SSL performance, support for shared libraries, and improved tools support.
NSS 3.2.1 is dual-licensed under the MPL and the GPL.
Distribution Information
The CVS tag for the NSS 3.2.1 release is NSS_3_2_1_RTM.NSS 3.2.1 source and binary distributions will be available soon.
Bugs Fixed
For a list of all bugs that have been fixed in the NSS 3.2.1 release, click here.
Documentation
For a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.1.1 include the following:- Build Instructions for the NSS 3.2.1 Release describe the new NSS 3.2 CVS tag and other significant changes since NSS 3.2.
- NSS 3.2 Public Functions summarizes the APIs exported by the new DLLs starting with NSS 3.2. These APIs are guaranteed to work with future versions of NSS shared libraries.
- Introduction to Network Security Services. Provides an overview of the static and shared libraries in NSS 3.2.
Source may be viewed with a browser (via the LXR tool) at http://lxr.mozilla.org/mozilla/source/security/nss/
The following tools are supported in this release:
-
certutil
cmsutil
modutil
pk12util
signtool
signver
ssltap
For documentation and other information about these tools, see NSS Tools.
Changes Since NSS 3.2
NSS 3.2.1 provides improved SSL performance compared with NSS 3.2 and fixes bugs in pk12util and some certificate query operations. It also facilitates simplified build instructions; for details, see Build Instructions for NSS 3.2.1 Release.
For changes introduced in NSS 3.2, see NSS 3.2 Release Notes.
Platform Information
NSS is maintained on the platforms listed below. "Certified" means the iPlanet NSS team has built and run QA tests for NSS on a machine with the specified OS.
Platform | Build | Certify | Compiler(s) |
AIX | 4.3.3 (32 bit) | 4.3.3 (32 bit) 4.3.3 (64 bit) |
xlC/C++ 3.6.4 |
4.3.3 (64 bit) | 4.3.3 (64 bit) | xlC/C++ 3.6.4 | |
Compaq Tru64 | 4.0D | 4.0D
5.0A |
(cc) Digital C v5.6-071 |
HP-UX | 11.0 (32 bit) | 11.0 (32 bit) 11.0 (64 bit) |
C compiler: A.11.01.00 |
11.0 (64 bit) | 11.0 (64 bit) | C compiler A.11.01.00 | |
Linux | RedHat 6.0 | RedHat 6.0 RedHat 6.1 |
egcs-1.1.2 |
NT | NT 4.0 w/ SP 6a | NT 4.0 w/ SP 6a
Win2000 |
VC++ 6.0 Service Pack 3 |
Windows | NT 4.0 w/ SP 6a |
NT 4.0 w/ SP 6a Win2000 |
VC++ 6.0 Service Pack 3 |
Solaris | 2.6 | 2.6 8 (32 bit) 8 (64 bit) |
WorkShop Compilers
C/C++ version 4.2 |
8 (64-bit) | 8 (64-bit) | WorkShop Compilers
C/C++ version 5.0 |
NSS has not yet been formally tested or certified on any other platforms. If you have successfully run NSS on other platforms, or if you are interested in taking responsibility for testing and maintaining NSS on a particular platform that's not listed above, post a message to mozilla.dev.tech.crypto.
Note re NT builds: The build listed in the left column above as the "NT" build runs on NT (including Windows 2000) only and hence can potentially take advantage of some Win32 functions that are only implemented on NT, such as fibers and I/O completion ports. The build listed above as the "Windows" build runs on all Windows flavors -- 95, 98, Me, NT, and 2000.
Only NSPR makes use of this NT vs. Windows distinction and provides different NT and Windows builds. Many Netscape products, including NSS, have NT and Windows builds that are essentially the same except one difference: one is linked with the NT version of NSPR and the other is linked with the Windows version of NSPR.
Note to Macintosh Developers: Due to a lack of resources, our team was unable to develop NSS for the Macintosh platform. We are looking for help from any interested parties to modify the Macintosh project file for NSS 3.2. For contact information, please see the Feedback section.
Known Bugs and Issues
- The NT version of the pk12util command does not create a valid PKCS #12 export file on Windows 2000 if the target file is on a networked file system. The workaround for WIndows 2000 is either to (1)write the pkcs12 file to a local file system or (2) use the Windows 95 version of pk12util.
- NSS 3.2 uses mozilla/dbm, which is based on Berkeley DB 1.85.
Berkeley DB 1.85 is released under the original BSD license, whose "advertising clause" is incompatible with the GNU GPL.
In a letter dated July 22, 1999, UC Berkeley announced that the advertising clause is deleted from all the BSD Unix files (of any version of BSD) containing it. (The announcement is available at ftp.cs.berkeley.edu/ucb/4bsd/README.Impt.License.Change.) The final (AT&T proprietary) 4.4BSD release contained version 1.6 of Berkeley DB. The 4.4BSD-Lite2 release contained version 1.74 of Berkeley DB. Since Berkeley DB 1.85 is not technically in any version of BSD (although it is derived from the Berkeley DB files in 4.4BSD and 4.4BSD-Lite2), it is not clear whether the Berkeley announcement deletes the advertising clause from Berkeley DB 1.85.
- For a list of reported bugs that have not been fixed in NSS 3.2, click here. (Note that not all of these bugs have been confirmed. Even some bugs in the "new" state are unconfirmed.)
Compatibility
NSS 3.2.1 is binary compatible with NSS 3.2. The source is backward compatible with NSS 3.1.1, NSS 3.1, and NSS 3.0.x. Applications that restrict their use of NSS APIs to the functions listed in NSS 3.2 Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback
Bugs discovered should be reported by filing a bug report with bugzilla (product NSS).You can also give feedback directly to the developers on the IRC channel #mozcrypto on the server irc.mozilla.org.