The NSS team has released Network Security Services (NSS) 3.28.5,
which is a patch release to update the list of root CA certificates.
These are backported changes, which are equivalent to the changes that
have been recently released with NSS 3.30.2.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA
- CN = WellsSecure Public Root Certificate Authority
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
* Domain name constraints for one of the new CAs have been added to the
NSS code (Bug 1349705)
The full release notes are available at
The HG tag is NSS_3_28_5_RTM. NSS 3.28.5 requires NSPR 4.13.1 or newer.
NSS 3.28.5 source distributions are available for secure download: