We have two regression bugs in NSS that should get fixed for Firefox 60 ESR. These are included in NSS 3.36.2, which is tagged as NSS_3_36_2_RTM (but not yet released) [1]. To update, execute the following commands: sed -i 's/3.36.1,/3.36.2,/' old-configure.in python client.py update_nss NSS_3_36_2_RTM [1] https://hg.mozilla.org/projects/nss/rev/6ccabc4b688f

[Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: NSS 3.36.2 fixes a TLS 1.3 connection issue that is being seen in the wild in Firefox 60+ (Bug 1462303). Also fixes a PKCS12 bug that affects some enterprise users (Bug 1460673). User impact if declined: Continued TLS 1.3 connection issues. Fix Landed on Version: NSS 3.36.2, NSS 3.37.1, NSS 3.38 Risk to taking this patch (and alternatives if risky): Low; there are only two small patches included in 3.36.2 versus the current 3.36.1. String or UUID changes made by this patch: n/a Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=6b27a281b03928a95b18a9f554bba1d52c133aae

Comment on attachment 8980069 [details] [diff] [review] NSS_3_36_2_RTM.patch Approved for ESR 60.1.