NSS 3.33 release notes

Diese Übersetzung ist unvollständig. Bitte helfen Sie uns, diesen Artikel aus dem Englischen zu übersetzen


Das Network Security Services (NSS) Team hat NSS 3.33 veröffentlicht, was eine Nebenversion darstellt.

Distribution information

The hg tag is NSS_3_33_RTM. NSS 3.33 requires Netscape Portable Runtime (NSPR) 4.17 or newer.

NSS 3.33 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Bedeutende Änderungen in NSS 3.33

  • TLS-Kompression wird nicht mehr unterstützt. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled.
  • Diese Version von NSS verwendet eine formal bestätigte Implementierung von Curve25519 auf 64-Bit-Systemen.
  • The compile time flag DISABLE_ECC has been removed.
  • When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore.
  • Fixes CVE-2017-7805, a potential use-after-free in TLS 1.2 server when verifying client authentication
  • Various minor improvements and correctness fixes.

Neu in NSS 3.33

Neue Funktionalität

  • When listing an NSS database using certutil -L, but the database hasn't yet been initialized with any non-empty or empty password, the text "Database needs user init" will be included in the listing.
  • When using certutil to set an inacceptable password in FIPS mode, a correct explanation of acceptable passwords will be printed.

Neue Funktionen

  • in cert.h
    • CERT_FindCertByIssuerAndSNCX - a variation of existing function CERT_FindCertByIssuerAndSN that accepts an additional password context parameter.
    • CERT_FindCertByNicknameOrEmailAddrCX - a variation of existing function CERT_FindCertByNicknameOrEmailAddr that accepts an additional password context parameter.
    • CERT_FindCertByNicknameOrEmailAddrForUsageCX - a variation of existing function CERT_FindCertByNicknameOrEmailAddrForUsage that accepts an additional password context parameter.
  • in secport.h
    • NSS_SecureMemcmpZero - check if a memory region is all zero in constant time.
    • PORT_ZAllocAligned - allocate aligned memory.
    • PORT_ZAllocAlignedOffset - allocate aligned memory for structs.
  • in ssl.h
    • SSL_GetExperimentalAPI - access experimental APIs in libssl.

Fehler behoben in NSS 3.33

This Bugzilla query returns all the bugs fixed in NSS 3.33:



NSS 3.33 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.33 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.


Entdeckte Fehler sollten durch das Ausfüllen eines Fehlerberichts mithilfe von bugzilla.mozilla.org gemeldet werden (Produkt NSS).