The NSS team has released Network Security Services (NSS) 3.40,
which is a minor release.

Notable bug fixes:
* Bug 1478698 - FFDHE key exchange sometimes fails with decryption failure

New functionality:
* The draft-00 version of encrypted SNI support is implemented
* tstclnt now takes -N option to specify encrypted SNI key

Notable changes:
* The mozilla::pkix library has been ported from Mozilla PSM to NSS.
This is a C++ library for building certification paths.
mozilla::pkix APIs are not exposed in the libraries NSS builds.
* It is easier to build NSS on Windows in mozilla-build environments.
* The following CA certificates were Removed:
CN = Visa eCommerce Root

Please refer to the release notes for the complete list of changes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40_release_notes

The HG tag is NSS_3_40_RTM. NSS 3.40 requires NSPR 4.20 or newer.

NSS 3.40 source distributions are available for secure download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_40_RTM/src/

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&product=NSS&target_milestone=3.40