| | 4 | |
| | 5 | |
| | 6 | {{{ |
| | 7 | New in NSS 3.27.1 |
| | 8 | New Functionality |
| | 9 | |
| | 10 | No new functionality is introduced in this release. This is a patch release to address a TLS compatibility issue that some applications experienced with NSS 3.27. |
| | 11 | |
| | 12 | Notable Changes in NSS 3.27.1 |
| | 13 | Availability of the TLS 1.3 (draft) implementation has been re-disabled in the default build. |
| | 14 | |
| | 15 | Previous versions of NSS made TLS 1.3 (draft) available only when compiled with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the maximum version used by default remained TLS 1.2. |
| | 16 | |
| | 17 | However, some applications query the list of protocol versions that are supported by the NSS library, and enable all supported TLS protocol versions. Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused those applications to enable TLS 1.3 (draft). This resulted in connectivity failures, as some TLS servers are version 1.3 intolerant, and failed to negotiate an earlier TLS version with NSS 3.27 clients. |
| | 18 | |
| | 19 | NSS 3.27.1 once again requires NSS_ENABLE_TLS_1_3 to be set to enable TLS 1.3 (draft). |
| | 20 | |
| | 21 | Bugs fixed in NSS 3.27.1 |
| | 22 | The following bug has been fixed in NSS 3.27.1: Re-disable TLS 1.3 by default |
| | 23 | |
| | 24 | Compatibility |
| | 25 | NSS 3.27.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.27.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries. |
| | 26 | }}} |
