DTLS 1.3: can be negotiated by default "XYBER768D00': should be off by default, i.e., not negotable even if it's the only kex enabled Certificate compression: is advertised by default smoke-tested against openssl for both server and client certificates (optional) smoke-tested against gnutls for both server and client certificates (optional) for zlib certificate decompressing to longer than uncompressed_length, nss server rejects the connection with `bad certificate` alert, and extra memory usage does not exceed 2^25 (32 MB) EdDSA: NSS can connect to itself using using Ed25519 server and client certificates NSS can connect to itself using using Ed448 server and client certificates (optional) run the available tlsfuzzer/test-tls13-eddsa-in-certificate-verify checks RSA OAEP: (optional) can decrypt RSA-OAEP padded message encrypted by openssl/gnutls and vice versa dbtool: is shipped under unsupported directory PBMAC1: smoke-test that openssl/gnutls can export/import files used by nss using all three of SHA-256, SHA-384 and SHA-512 RSA-PSS certificates with keys shorter than 2048 stop working

.RHEL 10 provides NSS in version 3.101 The NSS cryptographic toolkit packages are provided in version 3.101 in RHEL 10, which provides many bug fixes and enhancements. The most notable changes are the following: * DTLS 1.3 protocol is now supported (RFC 9147). * PBMAC1 support has been added to PKCS #12 (RFC 9579). * Experimental support for X25519Kyber768Draft00 hybrid post-quantum key agreement has been added (`draft-tls-westerbaan-xyber768d00`). It will be removed in a future release. * `lib::pkix` is the default validator in RHEL 10. * RSA certificates with keys shorter than 2048 bits stop working in SSL servers, in accordance with the system-wide cryptographic policy.