4.3 Release Notes

Release Date: 01 April 2009

Introduction

Network Security Services for Java (JSS) 4.3 is a minor release with the following new features:

  • SQLite-Based Shareable Certificate and Key Databases

  • libpkix: an RFC 3280 Compliant Certificate Path Validation Library

  • PKCS11 needsLogin method

  • support HmacSHA256, HmacSHA384, and HmacSHA512

  • support for all NSS 3.12 initialization options

JSS 4.3 is tri-licensed under MPL 1.1/GPL 2.0/LGPL 2.1.

New in JSS 4.3

A list of the bug fixes and enhancement requests that were implemented in this release can be obtained by running this bugzilla query.

JSS 4.3 requires NSS 3.12 or higher.

  • New SQLite-Based Shareable Certificate and Key Databases, enabled by prepending the string “sql:” to the directory path passed to the configdir parameter of the CryptoManager.initialize method, or by using the NSS environment variables.

  • Libpkix: an RFC 3280 Compliant Certificate Path Validation Library (see PKIXVerify)

  • PK11Token.needsLogin method (see needsLogin)

  • support HmacSHA256, HmacSHA384, and HmacSHA512 (see HMACTest.java)

  • support for all NSS 3.12 initialization options (see InitializationValues)

  • New SSL error codes (see https://mxr.mozilla.org/security/sour…util/SSLerrs.h)

    • SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT

    • SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT

    • SSL_ERROR_UNRECOGNIZED_NAME_ALERT

    • SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT

    • SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT

  • New TLS cipher suites (see https://mxr.mozilla.org/security/sour…SSLSocket.java):

    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

    • TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA

    • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

    • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

    • TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

    • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

  • Note: the following TLS cipher suites are declared but are not yet implemented:

    • TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA

    • TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA

    • TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA

    • TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA

    • TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA

    • TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA

    • TLS_ECDH_anon_WITH_NULL_SHA

    • TLS_ECDH_anon_WITH_RC4_128_SHA

    • TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA

    • TLS_ECDH_anon_WITH_AES_128_CBC_SHA

    • TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Distribution Information

Documentation

Documentation for JSS 4.3 is available as follows:

Platform Information

  • JSS 4.3 works with JDK versions 4 or higher; we suggest the latest.

  • JSS 4.3 requires NSS 3.12 or higher.

  • JSS 4.3 requires NSPR 4.7.1 or higher.

  • JSS only supports the native threading model (no green threads).

Known Bugs and Issues

  • For a list of reported bugs that have not yet been fixed, click here. Note that some bugs may have been fixed since JSS 4.3 was released.

Compatibility

  • JSS 4.3 is backwards compatible with JSS 4.2. Applications compiled against JSS 4.2 will work with JSS 4.3.

  • The 4.3 version of libjss4.so/jss4.dll must only be used with jss4.jar. In general, a JSS JAR file must be used with the JSS shared library from the exact same release.

  • To obtain the version info from the jar file, use “System.out.println(org.mozilla.jss.CryptoManager.JAR_JSS_VERSION)”. To check the shared library, run: strings libjss4.so | grep -i header
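
The “sql:” prefix and PK11Token.needsLogin items from the New in JSS 4.3 list, combined with the jar version check above, in one small program. This is an added example, not code from the JSS project; the class name SqlDbInit, the helper sharedDbPath, the default directory ./nssdb and the choice to reject a “dbm:” path are assumptions, and it needs jss4.jar plus the matching shared library to run.

```java
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.pkcs11.PK11Token;

public class SqlDbInit {
    // Hypothetical helper: return a configdir value that selects the
    // SQLite-based shareable databases. A path that already carries the
    // "sql:" prefix is left alone; an explicit legacy "dbm:" request is
    // rejected here as a policy choice of this example.
    static String sharedDbPath(String dir) {
        if (dir.startsWith("sql:")) {
            return dir;
        }
        if (dir.startsWith("dbm:")) {
            throw new IllegalArgumentException(
                "legacy dbm: database requested: " + dir);
        }
        return "sql:" + dir;
    }

    public static void main(String[] args) throws Exception {
        // Assumed database location; the directory is expected to exist.
        String dir = args.length > 0 ? args[0] : "./nssdb";

        // Version of the jar in use. The shared library loaded alongside it
        // must come from the exact same JSS release.
        System.out.println("jar version: " + CryptoManager.JAR_JSS_VERSION);

        // The "sql:" prefix on configdir selects the shareable databases.
        CryptoManager.initialize(sharedDbPath(dir));
        CryptoManager cm = CryptoManager.getInstance();

        // Ask the internal key storage token whether it requires a login.
        CryptoToken token = cm.getInternalKeyStorageToken();
        if (token instanceof PK11Token) {
            boolean needsLogin = ((PK11Token) token).needsLogin();
            System.out.println(token.getName() + " needsLogin: " + needsLogin);
        }
    }
}
```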

Feedback

  • Bugs discovered should be reported by filing a bug report with bugzilla.

  • You can also give feedback directly to the developers on the Mozilla Cryptography forums…