curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: About the upcoming deprecation of NSS

From: Aaltonen Eero via curl-library <>
Date: Thu, 11 Aug 2022 11:32:57 +0000

On Tue, 2022-07-19 at 11:39 +0200, Daniel Stenberg via curl-library
> On Sun, 17 Jul 2022, lwthiker via curl-library wrote:
> > I've just found out about the upcoming deprecation of the NSS
> > support while trying to build curl with it. I'd like to point out a
> > current use case for using curl+NSS as part of "curl-impersonate",
> > a curl fork that I maintain and is available at
> >;;sdata=0bTrNTqMyDTznLa83gSBVScJVgeBFx9Kkur6THgsvkM%3D&amp;reserved=0
> > .
> > NSS is used there to configure curl to look like Firefox when it
> > comes to the TLS handshake. The project seems to have quite a
> > substantial number of users using it currently, and specifically
> > the Firefox mode.
> Thanks for pointing this out, it should certainly be taken into
> account and used when making a decision about NSS's future in curl.


> The additional magic that allowed NSS code to read PEM certs from
> file made curl+NSS get features used by a lot of users requires extra
> external magic, so when you use curl+NSS outside of Red Hat Linux
> that's not available and it becomes a less pleasent experience.

In Debian and Ubuntu, said magic is provided in the
nss-plugin-pem package.

Eero Aaltonen
Received on 2022-08-11