NSS 3.126 release notes
Introduction
Network Security Services (NSS) 3.126 was released on 17 July 2026.
Distribution Information
The HG tag is NSS_3_126_RTM. NSS 3.126 requires NSPR 4.39 or newer.
NSS 3.126 source distributions are available on ftp.mozilla.org for secure HTTPS download:
Other releases are available Release Notes.
Changes in NSS 3.126
Bug 2054731 - reject resumption tokens where wrapped_master_secret_len is too long.
Bug 2054723 - harden against integer overflows in lowpbe.c.
Bug 2054697 - fix AES GCM parameter serialization in pk11_GetPBECryptoMechanism.
Bug 2054695 - handle HMAC truncation when using PK11_Digest* APIs.
Bug 1329766 - Enable DTLS in BoGo tests.
Bug 2054616 - reject short ciphertexts in sec_pkcs5_rc2.
Bug 2027350 - rewrite PK11_SaveContext in terms of PK11_SaveContextAlloc.
Bug 2050034 - reject long OCSP responses in libpkix http client.
Bug 2047783 - Set nssckbi version to 2.90.
Bug 2052097 - remove ePKI Root Certification Authority.
Bug 2047804 - add Telia v3 Roots.
Bug 2047800 - add SECOM 2024 Roots.
Bug 2017374 - remove websites trust bit from Atos TrustedRoot 2011.
Bug 2039251 - clang format.
Bug 2052288 - clang format.
Bug 2053436 - Fix session reference leak in NSC_GetOperationState error paths.
Bug 2039251 - Use ProcessPrng in RNG_SystemRNG in freebl on Windows.
Bug 2052650 - Speed up DTLS timers.
Bug 2053075 - Only use lower PBE iteration count limit in fuzzing builds.
Bug 2052442 - Update git support for mach clang-format.
Bug 2052442 - run black over mach.
Bug 2052437 - Include keythi.h to avoid warning.
Bug 2029410 - Bound CCM ulMACLen and GCM ulTagBits in pk11_AEADSimulateOp to prevent taglen overflow.
Bug 2029406 - Validate CKM_AES_CBC_PAD mechanism parameter length in sftk_CryptInit.
Bug 2019001 - update abicheck expectations.
Bug 2042337 - Use aarch64 implementation of AES-GCM from AWS-LC.
Bug 2051752 - add a CI job that runs gtests without hardware crypto support.
Bug 2051995 - add a faster PORT_SafeZero fallback.
Bug 2051939 - null check extension array in tls13_CheckCertDelegationUsage.
Bug 2051754 - update wycheproof AES-GCM test vectors.
Bug 2027311 - clang format.
Bug 2052288 - clear greaseEchBuf after constructing HRR.
Bug 2029321 - validate params length before len-2 subtraction in SECKEY_GetECCOid.
Bug 2015247 - Fix leak in CERT_EnableOCSPDefaultResponder.
Bug 2015247 - Fix infinite recursion in FC_AsyncJoin.
Bug 2015247 - Fix leak of public key in PK11_GenerateKeyPairWithOpFlags.
Bug 2015247 - Fix leak in jpake_Round2Base.
Bug 2019001 - add support for ML-KEM-1024 named group.
Bug 2029750 - Reject undersized IV and key SECItems in PBES2 cipher dispatchers.
Bug 2027311 - Add defensive checks on generic MECHANISM_PARAM.
Bug 2029438 - Stop serializing SHA-256 dispatch function pointers in Flatten/Resurrect.
Bug 2029434 - Reject overflowing quantities in nss_ZNEWARRAY and nss_ZREALLOCARRAY.
Bug 2029437 - Expand 2-key 3DES key from 16 to 24 bytes (K1||K2||K1) before DES_InitContext.
Bug 2029701 - Reject mechanism param vs CKA_VALUE_LEN inconsistency in NSC_DeriveKey before indexing key_block.
Bug 2029763 - Mirror nssCKFWSession_CopyObject sizing loop on the population loop’s iteration order.
Bug 2051735 - copy correct param string in secmod_MkAppendTokensList.
Bug 2029816 - remove support for parsing cert comment strings.
Bug 2051967 - update abicheck expectation.
Bug 2029779 - Add overflow check to kbkdf_IncrementBuffer and propagate failure to both callers.
Bug 2027380 - pass offset-adjusted pointer to SEC_ASN1GetSubtemplate in QuickDER call sites.
Bug 2027375 - account for primitive payload bytes in DER_INDEFINITE contents_length.
Bug 2027351 - reserve trailing length prefix bytes in PK11_HPKE_ImportContext bounds checks.
Bug 2027374 - bounds check multibyte DER length in der_capture and der_indefinite_length.
Bug 2029289 - fix off-by-one offset in pk11_buildNickname cert_id branch.
Bug 2046579 - fix new ubsan warnings after clang upgrade.
Bug 2046579 - update tlsfuzzer.
Bug 2046579 - update tlsinterop.
Bug 2046579 - upgrade docker images to ubuntu noble.
Bug 2046579 - rework ci build platform names and aliases.
Bug 2046579 - extend NSS CI with linux arm64 workers.
Bug 2050958 - add defensive hash length check in emsa_pss_verify.
Bug 2029794 - handle NSSCertificate identity changing in __CERT_AddTempCertToPerm.
Bug 2027388 - add defensive check on pk11_HandUnwrap key size.
Bug 2049435 - CID 1694497 - a resource leak in sftk_CryptInit() in lib/softoken/pkcs11c.c.
Bug 2037078 - Implement CMS AuthEnvelopedData decryption (RFC 5083/5084).
Bug 2046136 - Add a few sanity checks in CMS decoder.
Bug 2047310 - add PK11_CreatePrivateKeyFromTemplate.
Bug 2047771 - fix more pre-existing session object leaks.
Bug 2047771 - avoid leaking session object in PK11_UnwrapPrivKey.
Bug 2047771 - check for session object leaks in NSS_STRICT_SHUTDOWN mode.
Bug 2044460 - Change smime_gtest make build to link smime library statically.
Bug 2046371 - Add test for server rejecting client CertificateRequest.
Bug 2046371 - Reject TLS 1.3 handshake messages received in the wrong endpoint role.
Bug 2047218 - bundle NSPR 4.39 with source distribution.