Fix and improve the change log

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-03-11 13:40:24 +01:00
parent 53dff7b0af
commit 44193fa573

View File

@ -1,10 +1,10 @@
Security
* When negotiating TLS version on server side, do not fallback to the
TLS 1.2 implementation of the protocol if it is not enabled.
* When negotiating TLS version on server side, do not fall back to the
TLS 1.2 implementation of the protocol if it is disabled.
- If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
client was able to put the TLS 1.3-only server in an infinite loop
processing a TLS 1.2 ClientHello, resulting in a Denial of Service.
Reported by Matthias Mucha and Thomas Blattmann, SICK AG.
client could put the TLS 1.3-only server in an infinite loop processing
a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
Matthias Mucha and Thomas Blattmann, SICK AG.
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully established a connection with the TLS 1.3-only
server. Reported by alluettiv on GitHub.
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.