NSS 3.18 Release Increases RSA Key Pair Size, Ups Protocol Versions

Mozilla announced the updated release this week of their NSS (Network Security Services) libraries.

NSS 3.18 is described as a minor release but there's some new functionality, new functions, new CA certiciates were added, and a number of bugs fixed. However, there's also two other notable changes that attracted our attention after being pointed out by a Phoronix reader:

- The highest TLS protocol version enabled by default has been increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS protocol version enabled by default has been increased from DTLS 1.0 to DTLS 1.2.

- The default key size used by certutil when creating an RSA key pair has been increased from 1024 bits to 2048 bits.

So with NSS 3.18 the default key size for new RSA key pairs via certutil is now 2048 bits and the default TLS/DTLS version enabled is v1.2.

Besides Mozilla products using NSS like Firefox and Tunderbird, Google Chrome/Chromium uses it along with numerous other open-source projects for creating multi-platform, security-enabled client/server applications.

More details on NSS 3.18 can be found at developer.mozilla.org.