mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-14 07:20:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1187 from ronald-cron-arm/issue-1185

Browse Source 
Add security change log for issue 1185
This commit is contained in:
Ronald Cron 2024-03-11 18:04:47 +01:00 committed by GitHub
commit e98a492cf5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog.d/tls13-only-server.txt Normal file
View File

@ -0,0 +1,10 @@
Security
* When negotiating TLS version on server side, do not fall back to the
TLS 1.2 implementation of the protocol if it is disabled.
- If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
client could put the TLS 1.3-only server in an infinite loop processing
a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
Matthias Mucha and Thomas Blattmann, SICK AG.
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.