nss-3.19.2

[bdubbs@…]

New point version.

​https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/nss-3.19.2.tar.gz

​https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_19_2_RTM/src/SHA256SUMS

1306663e8f61d8449ad8cbcffab743a604dcd9f6f34232c210847c51dce2c9ae

​https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes

New in NSS 3.19.2

New Functionality

No new functionality is introduced in this release.

Notable Changes in NSS 3.19.2

  • Bug 1172128 - In NSS 3.19.1, the minimum key sizes that the freebl
    cryptographic implementation (part of the softoken cryptographic
    module used by default by NSS) was willing to generate or use was
    increased - for RSA keys, to 512 bits, and for DH keys, 1023 bits.
    This was done as part of a security fix for Bug 1138554 /
    CVE-2015-2721. Applications that requested or attempted to use keys
    smaller then the minimum size would fail. However, this change in
    behaviour unintentionally broke existing NSS applications that need
    to generate or use such keys, via APIs such as
    SECKEY_CreateRSAPrivateKey or SECKEY_CreateDHPrivateKey.

    In NSS 3.19.2, this change in freebl behaviour has been reverted.
    The fix for Bug 1138554 has been moved to libssl, and will now only
    affect the minimum keystrengths used in SSL/TLS.

    Note: Future versions of NSS may increase the minimum keysizes
    required by the freebl module. Consumers of NSS are strongly
    encouraged to migrate to stronger cryptographic strengths as soon as
    possible.

Bugs fixed in NSS 3.19.2

This Bugzilla query returns all the bugs fixed in NSS 3.19.2

​https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.19.2

[Fernando de Oliveira]

Fixed at r16140.