mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-29 09:21:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9edd7fd002
mbedtls/ChangeLog.d/tls13-only-server.txt
Janos Follath 9edd7fd002 Add CVE IDs to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-03-14 09:38:03 +00:00

12 lines
654 B
Plaintext
Raw Blame History

Security
* When negotiating TLS version on server side, do not fall back to the
TLS 1.2 implementation of the protocol if it is disabled.
- If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
client could put the TLS 1.3-only server in an infinite loop processing
a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
Matthias Mucha and Thomas Blattmann, SICK AG.
- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
was able to successfully establish a TLS 1.2 connection with the server.
Reported by alluettiv on GitHub.
Fixes CVE-2024-28836.
Reference in New Issue View Git Blame Copy Permalink