Log Message:
Update to 3.25

Changelog:
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2, 
  NSS only supported certificate_verify messages that used the same
  signature hash algorithm as used by the PRF. 
  This limitation has been removed.
* Several functions have been added to the public API of the NSS
  Cryptoki Framework.

New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle

Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
  to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added 
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3