NSS 3.104 release notes
Introduction
Network Security Services (NSS) 3.104 was released on 1 August 2024*.
Distribution Information
The HG tag is NSS_3_104_RTM. NSS 3.104 requires NSPR 4.35 or newer.
NSS 3.104 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Other releases are available Releases.
Changes in NSS 3.104
Bug 1910071 - Copy original corpus to heap-allocated buffer
Bug 1910079 - Fix min ssl version for DTLS client fuzzer
Bug 1908990 - Remove OS2 support just like we did on NSPR
Bug 1910605 - clang-format NSS improvements
Bug 1902078 - Adding basicutil.h to use HexString2SECItem function
Bug 1908990 - removing dirent.c from build
Bug 1902078 - Allow handing in keymaterial to shlibsign to make the output reproducible (
Bug 1908990 - remove nec4.3, sunos4, riscos and SNI references
Bug 1908990 - remove other old OS (BSDI, old HP UX, NCR, openunix, sco, unixware or reliantUnix
Bug 1908990 - remove mentions of WIN95
Bug 1908990 - remove mentions of WIN16
Bug 1913750 - More explicit directory naming
Bug 1913755 - Add more options to TLS server fuzz target
Bug 1913675 - Add more options to TLS client fuzz target
Bug 1835240 - Use OSS-Fuzz corpus in NSS CI
Bug 1908012 - set nssckbi version number to 2.70.
Bug 1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
Bug 1908009 - Remove Email Trust bit from certSIGN ROOT CA.
Bug 1908006 - Add Cybertrust Japan Roots to NSS.
Bug 1908004 - Add Taiwan CA Roots to NSS.
Bug 1911354 - remove search by decoded serial in nssToken_FindCertificateByIssuerAndSerialNumber.
Bug 1913132 - Fix tstclnt CI build failure
Bug 1913047 - vfyserv: ensure peer cert chain is in db for CERT_VerifyCertificateNow.
Bug 1912427 - Enable all supported protocol versions for UDP
Bug 1910361 - Actually use random PSK hash type
Bug 1911576: Initialize NSS DB once
Bug 1910361 - Additional ECH cipher suites and PSK hash types
Bug 1903604: Automate corpus file generation for TLS client Fuzzer
Bug 1910364 - Fix crash with UNSAFE_FUZZER_MODE
Bug 1910605 - clang-format shlibsign.c
Compatibility
NSS 3.104 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback
Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).