I am pleased to announce the latest release of NetSurf is now available.
NetSurf 3.9 features support for CSS Media Queries (level 4) and
Also included are many bug fixes and improvements.
We recommend all users upgrade to NetSurf 3.9.
On 21 Jul 2019 netsurf-dev-owner(a)netsurf-browser.org wrote:
> You are not allowed to post to this mailing list, and your message has
> been automatically rejected. If you think that your messages are
> being rejected in error, contact the mailing list owner at
Why have I received this message, when the reply to the NetSurf list list
has been already posted on the list?
Peter, a.k.a puzzled of Cheltenham.
Peter Young (zfc Hg) and family
Prestbury, Cheltenham, Glos. GL52, England
Little more than a week ago I posted about the Security Certs for NS 3.8. I was not aware at that time that NS 3.9 was already available (I was using a link provided for D/L of 3.8). Since there has been other bugs/problems, I thought to provide the actual results. The location of this Qualys Client Test is
Presuming the Certs are within NS 3.8, it would appear that the "weak" certs be removed for added security. I did not receive an answer to the question if the certs are tapped from the Distribution or the Browser. So, here are the results...
TLS 1.3 No
TLS 1.2 Yes*
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
SSL 2 No
Cipher Suites (in order of preference)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) WEAK 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) WEAK 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) -
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don't refresh.
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling No
Signature algorithms SHA512/RSA, SHA512/DSA, SHA512/ECDSA, SHA384/RSA, SHA384/DSA, SHA384/ECDSA, SHA256/RSA, SHA256/DSA, SHA256/ECDSA, SHA224/RSA, SHA224/DSA, SHA224/ECDSA, SHA1/RSA, SHA1/DSA, SHA1/ECDSA
Named Groups secp256r1, secp521r1, brainpoolP512r1, brainpoolP384r1, secp384r1, brainpoolP256r1, secp256k1, sect571r1, sect571k1, sect409k1, sect409r1, sect283k1, sect283r1
Next Protocol Negotiation Yes
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No
Paul S. in CT
A lot of features and bug fixes have happened since the 3.8 release so
I am considering producing a 3.9 soon.
The merging of the work to add css media queries has resulted in much
improved rendering on many web sites including making our handling of
CSS length  calculations much more sensible especially useful on
higher DPI displays.
The completion of the monkey test frontend harness and associated
infrastructure has resulted in numerous issues being discovered and
Additional testing also means our handling of some core things like
HTTP headers and basic web authentication has improved and should not
regress in future.
There have also been a great number of resource leaks fixed improving
the browsers overall memory usage.
I had intended to release before now but testing kept revealing
issues, however I now believe that we are ready for a 3.9 release
candidate on Sunday June 16th with the actual release on Saturday June
22nd unless critical bugs are discovered.
If anyone has a reasonable objection to this please let me know as
soon as possible and I will reconsider.
I can report that the Atari CI builds are working nicely again.
A big thanks to the guys on atari-forum.org and all the Netsurf
developers and contributors.
> Date: Wed, 27 Mar 2019 21:38:06 +0000 (GMT)
> From: Peter Slegg <pslegg(a)scubadivers.co.uk>
> Subject: Atari CI builds
> To: <netsurf-users(a)netsurf-browser.org>
> Message-ID: <0018c12b.03001490303e(a)smtp.freeola.net>
> Are the Atari CI builds still working ?
> The last one was 19th Feb.