Network Security Services

In computing, Network Security Services comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security / Secure Sockets Layer and S/MIME. Previously tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License, NSS upgraded to GPL-compatible MPL 2.0 with release 3.14.

History

NSS originated from the libraries developed when Netscape invented the SSL security protocol.

FIPS 140 validation and NISCC testing

The NSS software crypto module has been validated five times for conformance to FIPS 140 at Security Levels 1 and 2. NSS was the first open source cryptographic library to receive FIPS 140 validation. The NSS libraries passed the NISCC TLS/SSL and S/MIME test suites.

Applications that use NSS

, Red Hat, Sun Microsystems/Oracle Corporation, Google and other companies and individual contributors have co-developed NSS. Mozilla provides the source code repository, bug tracking system, and infrastructure for mailing lists and discussion groups. They and others named below use NSS in a variety of products, including the following:

Mozilla client products, including Firefox, Thunderbird, SeaMonkey, and Firefox for mobile.
AOL Communicator and AOL Instant Messenger
Opera
Open source client applications such as Evolution, Pidgin, and OpenOffice.org 2.0 onward.
Server products from Red Hat: Red Hat Directory Server, Red Hat Certificate System, and the mod nss SSL module for the Apache web server.
Sun server products from the Sun Java Enterprise System, including Sun Java System Web Server, Sun Java System Directory Server, Sun Java System Portal Server, Sun Java System Messaging Server, and Sun Java System Application Server, open source version of Directory Server OpenDS.
Libreswan IKE/IPsec requires NSS. It is a fork of Openswan which could optionally use NSS.
Architecture

NSS includes a framework to which developers and OEMs can contribute patches, such as assembly code, to optimize performance on their platforms. Mozilla has certified NSS 3.x on 18 platforms. NSS makes use of Netscape Portable Runtime, a platform-neutral open-source API for system functions designed to facilitate cross-platform development. Like NSS, NSPR has been used heavily in multiple products.

Software development kit

In addition to libraries and APIs, NSS provides security tools required for debugging, diagnostics, certificate and key management, cryptography-module management, and other development tasks. NSS comes with an extensive and growing set of documentation, including introductory material, API references, man pages for command-line tools, and sample code.
Programmers can utilize NSS as source and as shared libraries. Every NSS release is backward-compatible with previous releases, allowing NSS users to upgrade to new NSS shared libraries without recompiling or relinking their applications.

Interoperability and open standards

NSS supports a range of security standards, including the following:

TLS 1.0, 1.1, 1.2, and 1.3. The Transport Layer Security protocol from the IETF supersedes SSL v3.0 while remaining backward-compatible with SSL v3 implementations.
SSL 3.0. The Secure Sockets Layer protocol allows mutual authentication between a client and server and the establishment of an authenticated and encrypted connection.
DTLS 1.0 and 1.2.
DTLS-SRTP.
The following PKCS standards:
* PKCS #1. RSA standard that governs implementation of public-key cryptography based on the RSA algorithm.
* PKCS #3. RSA standard that governs implementation of Diffie–Hellman key agreement.
* PKCS #5. RSA standard that governs password-based cryptography, for example to encrypt private keys for storage.
* PKCS #7. RSA standard that governs the application of cryptography to data, for example digital signatures and digital envelopes.
* PKCS #8. RSA standard that governs the storage and encryption of private keys.
* PKCS #9. RSA standard that governs selected attribute types, including those used with PKCS #7, PKCS #8, and PKCS #10.
* PKCS #10. RSA standard that governs the syntax for certificate requests.
* PKCS #11. RSA standard that governs communication with cryptographic tokens and permits application independence from specific algorithms and implementations.
* PKCS #12. RSA standard that governs the format used to store or transport private keys, certificates, and other secret material.
Cryptographic Message Syntax, used in S/MIME. IETF message specification that provides a consistent way to send and receive signed and encrypted MIME data.
X.509 v3. ITU standard that governs the format of certificates used for authentication in public-key cryptography.
OCSP. The Online Certificate Status Protocol governs real-time confirmation of certificate validity.
PKIX Certificate and CRL Profile. The first part of the four-part standard under development by the Public-Key Infrastructure working group of the IETF for a public-key infrastructure for the Internet.
RSA, DSA, ECDSA, Diffie–Hellman, EC Diffie–Hellman, AES, Triple DES, Camellia, IDEA, SEED, DES, RC2, RC4, SHA-1, SHA-256, SHA-384, SHA-512, MD2, MD5, HMAC: Common cryptographic algorithms used in public-key and symmetric-key cryptography.
FIPS 186-2 pseudorandom number generator.
Hardware support

NSS supports the PKCS #11 interface for access to cryptographic hardware like TLS/SSL accelerators, hardware security modules and smart cards. Since most hardware vendors such as SafeNet, AEP and Thales also support this interface, NSS-enabled applications can work with high-speed crypto hardware and use private keys residing on various smart cards, if vendors provide the necessary middleware. NSS version 3.13 and above support the Advanced Encryption Standard New Instructions.

Java support

Network Security Services for Java consists of a Java interface to NSS. It supports most of the security standards and encryption technologies supported by NSS. JSS also provides a pure Java interface for ASN.1 types and BER/DER encoding.

Popular movies

The Hunger Games (film) - 2012 American dystopian action thriller science fiction-adventure film directed by Gary Ross and based on Suzanne Collins’s 2008 novel of the same name. It is the first insta...
untitled Captain Marvel sequel - part of Marvel Cinematic Universe....
Killers of the Flower Moon (film project) - Killers of the Flower Moon - film project in United States of America. It was presented as drama, detective fiction, thriller. The film project starred Leonardo Dicaprio, Robert De Niro. Director of...
Five Nights at Freddy's (film) - Five Nights at Freddy's - film published in 2017 in United States of America. Scenarist of the film - Scott Cawthon....

Popular books

Book of Revelation - The Book of Revelation is the final book of the New Testament, and consequently is also the final book of the Christian Bible. Its title is derived from the first word of the Koine Greek text: apok...
Book of Genesis - account of the creation of the world, the early history of humanity, Israel's ancestors and the origins...
Gospel of Matthew - The Gospel According to Matthew is the first book of the New Testament and one of the three synoptic gospels. It tells how Israel's Messiah, rejected and executed in Israel, pronounces judgement on ...
Michelin Guide - Michelin Guides are a series of guide books published by the French tyre company Michelin for more than a century. The term normally refers to the annually published Michelin Red Guide , the oldest...
Psalms - The Book of Psalms , commonly referred to simply as Psalms , the Psalter or "the Psalms", is the first book of the Ketuvim , the third section of the Hebrew Bible, and thus a book of th...
Ecclesiastes - Ecclesiastes is one of 24 books of the Tanakh , where it is classified as one of the Ketuvim . Originally written c. 450–200 BCE, it is also among the canonical Wisdom literature of the Old Tes...
The 48 Laws of Power - non-fiction book by American author Robert Greene. The book...

Popular television series

The Crown (TV series) - historical drama web television series about the reign of Queen Elizabeth II, created and principally written by Peter Morgan, and produced by Left Bank Pictures and Sony Pictures Tel...
Friends - American sitcom television series, created by David Crane and Marta Kauffman, which aired on NBC from September 22, 1994, to May 6, 2004, lasting ten seasons. With an ensemble cast sta...
Young Sheldon - spin-off prequel to The Big Bang Theory and begins with the character Sheldon...
Modern Family - American television mockumentary family sitcom created by Christopher Lloyd and Steven Levitan for the American Broadcasting Company. It ran for eleven seasons, from September 23...
Loki (TV series) - upcoming American web television miniseries created for Disney+ by Michael Waldron, based on the Marvel Comics character of the same name. It is set in the Marvel Cinematic Universe, shar...
Game of Thrones - American fantasy drama television series created by David Benioff and D. B. Weiss for HBO. It...
Shameless (American TV series) - American comedy-drama television series developed by John Wells which debuted on Showtime on January 9, 2011. It...