From 44193fa573e29194bc895a4a704ae28be4dc94b2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 11 Mar 2024 13:40:24 +0100 Subject: [PATCH] Fix and improve the change log Signed-off-by: Ronald Cron --- ChangeLog.d/tls13-only-server.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/tls13-only-server.txt b/ChangeLog.d/tls13-only-server.txt index 0ee63eab85..9583bfb331 100644 --- a/ChangeLog.d/tls13-only-server.txt +++ b/ChangeLog.d/tls13-only-server.txt @@ -1,10 +1,10 @@ Security - * When negotiating TLS version on server side, do not fallback to the - TLS 1.2 implementation of the protocol if it is not enabled. + * When negotiating TLS version on server side, do not fall back to the + TLS 1.2 implementation of the protocol if it is disabled. - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 - client was able to put the TLS 1.3-only server in an infinite loop - processing a TLS 1.2 ClientHello, resulting in a Denial of Service. - Reported by Matthias Mucha and Thomas Blattmann, SICK AG. + client could put the TLS 1.3-only server in an infinite loop processing + a TLS 1.2 ClientHello, resulting in a denial of service. Reported by + Matthias Mucha and Thomas Blattmann, SICK AG. - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client - was able to successfully established a connection with the TLS 1.3-only - server. Reported by alluettiv on GitHub. + was able to successfully establish a TLS 1.2 connection with the server. + Reported by alluettiv on GitHub.
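Review bot: In the runtime bullet, the new wording "establish a TLS 1.2 connection with the server" drops the "TLS 1.3-only" qualifier that the old line had and that the build-time bullet keeps. Without it the sentence no longer says that the server was meant to refuse TLS 1.2, and that is the whole security impact of this item. Suggest "could establish a TLS 1.2 connection with the TLS 1.3-only server". That also matches the "could put" now used in the build-time bullet and removes the redundant "successfully". A smaller point on the same bullet: "disabled at runtime" does not say which configuration setting is meant. Naming it would let users check whether their deployment was exposed.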