NSS 3.112 release notes

Introduction

Network Security Services (NSS) 3.112 was released on 23 May 2025*.

Distribution Information

The HG tag is NSS_3_112_RTM. NSS 3.112 requires NSPR 4.36 or newer. The latest version of NSPR is 4.36.

NSS 3.112 source distributions are available on ftp.mozilla.org for secure HTTPS download:

• Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_112_RTM/src/

Other releases are available Releases.

Changes in NSS 3.112

• Bug 1963792 - Fix alias for mac workers on try.

• Bug 1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault.

• Bug 1931930 - ABI/API break in ssl certificate processing

• Bug 1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template.

• Bug 1965754 - update taskgraph to v14.2.1.

• Bug 1964358 - Workflow for automation of the release on GitHub when pushing a tag

• Bug 1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate

• Bug 1934877 - Renegotiations should use a fresh ECH GREASE buffer.

• Bug 1951396 - update taskgraph to v14.1.1

• Bug 1962503 - Partial fix for ACVP build CI job

• Bug 1961827 - Initialize find in sftk_searchDatabase.

• Bug 1963121 - Add clang-18 to extra builds.

• Bug 1963044 - Fault tolerant git fetch for fuzzing.

• Bug 1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp.

• Bug 1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set.

• Bug 1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls.

• Bug 1963102 - Remove Cryptofuzz CI version check