Name | Date | Size | |
---|---|---|---|
.. | 05-Nov-2014 | 4 KiB | |
LICENSE | 05-Nov-2014 | 1.7 KiB | |
patches/ | 05-Nov-2014 | 4 KiB | |
README.chromium | 05-Nov-2014 | 4.4 KiB | |
ssl/ | 05-Nov-2014 | 4 KiB | |
ssl.gyp | 05-Nov-2014 | 5.2 KiB |
README.chromium
1Name: Network Security Services (NSS) 2URL: http://www.mozilla.org/projects/security/pki/nss/ 3Version: 3.15.5 Beta 2 4Security Critical: Yes 5License: MPL 2 6License File: NOT_SHIPPED 7 8This directory includes a copy of NSS's libssl from the hg repo at: 9 https://hg.mozilla.org/projects/nss 10 11The same module appears in crypto/third_party/nss (and third_party/nss on some 12platforms), so we don't repeat the license file here. 13 14The snapshot was updated to the hg tag: NSS_3_15_5_BETA2 15 16Patches: 17 18 * Cache the peer's intermediate CA certificates in session ID, so that 19 they're available when we resume a session. 20 patches/cachecerts.patch 21 https://bugzilla.mozilla.org/show_bug.cgi?id=731478 22 23 * Add support for client auth with native crypto APIs on Mac and Windows. 24 patches/clientauth.patch 25 ssl/sslplatf.c 26 27 * Add a function to export whether the last handshake on a socket resumed a 28 previous session. 29 patches/didhandshakeresume.patch 30 https://bugzilla.mozilla.org/show_bug.cgi?id=731798 31 32 * Add function to retrieve TLS client cert types requested by server. 33 https://bugzilla.mozilla.org/show_bug.cgi?id=51413 34 patches/getrequestedclientcerttypes.patch 35 36 * Add a function to restart a handshake after a client certificate request. 37 patches/restartclientauth.patch 38 39 * Add support for TLS Channel IDs 40 patches/channelid.patch 41 42 * Add support for extracting the tls-unique channel binding value 43 patches/tlsunique.patch 44 https://bugzilla.mozilla.org/show_bug.cgi?id=563276 45 46 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock. 47 This change was made in https://chromiumcodereview.appspot.com/10454066. 48 patches/secretexporterlocks.patch 49 50 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS 51 versions older than 3.15 report an EC key size range of 112 bits to 571 52 bits, even when it is compiled to support only the NIST P-256, P-384, and 53 P-521 curves. Remove this patch when all system NSS softoken packages are 54 NSS 3.15 or later. 55 patches/suitebonly.patch 56 57 * Define the SECItemArray type and declare the SECItemArray handling 58 functions, which were added in NSS 3.15. Remove this patch when all system 59 NSS packages are NSS 3.15 or later. 60 patches/secitemarray.patch 61 62 * Update Chromium-specific code for TLS 1.2. 63 patches/tls12chromium.patch 64 65 * Add Chromium-specific code to detect AES GCM support in the system NSS 66 libraries at run time. Remove this patch when all system NSS packages are 67 NSS 3.15 or later. 68 patches/aesgcmchromium.patch 69 70 * Support ChaCha20+Poly1305 ciphersuites 71 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 72 patches/chacha20poly1305.patch 73 74 * Fix session cache lock creation race. 75 patches/cachelocks.patch 76 https://bugzilla.mozilla.org/show_bug.cgi?id=764646 77 78 * Support the Certificate Transparency (RFC 6962) TLS extension 79 signed_certificate_timestamp (client only). 80 patches/signedcertificatetimestamps.patch 81 https://bugzilla.mozilla.org/show_bug.cgi?id=944175 82 83 * Add a function to allow the cipher suites preference order to be set. 84 patches/cipherorder.patch 85 86 * Add TLS_FALLBACK_SCSV cipher suite to version fallback connections. 87 patches/fallbackscsv.patch 88 89 * Add explicit functions for managing the SSL/TLS session cache. 90 This is a temporary workaround until Chromium migrates to NSS's 91 asynchronous certificate verification. 92 patches/sessioncache.patch 93 94 * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs 95 in the lock rank checking code in PRRWLock. 96 patches/nssrwlock.patch 97 https://bugzilla.mozilla.org/show_bug.cgi?id=957812 98 99 * Use the IANA-assigned value for the TLS padding extension. 100 patches/paddingextvalue.patch 101 https://bugzilla.mozilla.org/show_bug.cgi?id=994883 102 103 * Move the signature_algorithms extension to the end of the extension list. 104 This works around a bug in WebSphere Application Server 7.0 which is 105 intolerant to the final extension having zero length. 106 patches/reorderextensions.patch 107 108 * Ignore out-of-order DTLS ChangeCipherSpec. 109 patches/ignorechangecipherspec.patch 110 https://bugzilla.mozilla.org/show_bug.cgi?id=1009227 111 112Apply the patches to NSS by running the patches/applypatches.sh script. Read 113the comments at the top of patches/applypatches.sh for instructions. 114 115The ssl/bodge directory contains files taken from the NSS repo that we required 116for building libssl outside of its usual build environment. 117