4.3 Release Notes

Release Date: 01 April 2009

Introduction

Network Security Services for Java (JSS) 4.3 is a minor release with the following new features:

  • SQLite-Based Shareable Certificate and Key Databases
  • libpkix: an RFC 3280 Compliant Certificate Path Validation Library
  • PKCS11 needsLogin method
  • support HmacSHA256, HmacSHA384, and HmacSHA512
  • support for all NSS 3.12 initialization options

JSS 4.3 is tri-licensed under MPL 1.1/GPL 2.0/LGPL 2.1.

New in JSS 4.3

A list of bug fixes and enhancement requests were implemented in this release can be obtained by running this bugzilla query

JSS 4.3 requires NSS 3.12 or higher.

  • New SQLite-Based Shareable Certificate and Key Databases by prepending the string "sql:" to the directory path passed to configdir parameter for Crypomanager.initialize method or using the NSS environment variable NSS_DEFAULT_DB_TYPE.
  • Libpkix: an RFC 3280 Compliant Certificate Path Validation Library (see PKIXVerify)
  • PK11Token.needsLogin method (see needsLogin)
  • support HmacSHA256, HmacSHA384, and HmacSHA512 (see HMACTest.java)
  • support for all NSS 3.12 initialization options (see InitializationValues)
  • New SSL error codes (see http://mxr.mozilla.org/security/sour...util/SSLerrs.h)
    • SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT
      SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT
      SSL_ERROR_UNRECOGNIZED_NAME_ALERT
      SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT
      SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT
  • New TLS cipher suites (see http://mxr.mozilla.org/security/sour...SSLSocket.java):
    • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
      TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
      TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
  • Note: the following TLS cipher suites are declared but are not yet implemented:
    • TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
      TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
      TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
      TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
      TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
      TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
      TLS_ECDH_anon_WITH_NULL_SHA
      TLS_ECDH_anon_WITH_RC4_128_SHA
      TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
      TLS_ECDH_anon_WITH_AES_128_CBC_SHA
      TLS_ECDH_anon_WITH_AES_256_CBC_SHA

Distribution Information

Documentation

Documentation for JSS 4.3 is available as follows:

Platform Information

  • JSS 4.3 works with JDK versions 4 or higher we suggest the latest.
  • JSS 4.3 requires NSS 3.12 or higher.
  • JSS 4.3 requires NSPR 4.7.1 or higher.
  • JSS only supports the native threading model (no green threads).

Known Bugs and Issues

  • For a list of reported bugs that have not yet been fixed, click here. Note that some bugs may have been fixed since JSS 4.3 was released.

Compatibility

  • JSS 4.3 is backwards compatible with JSS 4.2. Applications compiled against JSS 4.2 will work with JSS 4.3.
  • The 4.3 version of libjss4.so/jss4.dll must only be used with jss4.jar. In general, a JSS JAR file must be used with the JSS shared library from the exact same release.
  • To obtain the version info from the jar file use, "System.out.println(org.mozilla.jss.CryptoManager.JAR_JSS_VERSION)" and to check the shared library: strings libjss4.so | grep -i header

Feedback

  • Bugs discovered should be reported by filing a bug report with bugzilla.
  • You can also give feedback directly to the developers on the Mozilla Cryptography forums...