mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-29 09:21:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
abbf2c4835
mbedtls/ChangeLog.d/tls-max-version-reset.txt
Janos Follath 9edd7fd002 Add CVE IDs to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-03-14 09:38:03 +00:00

8 lines
424 B
Plaintext
Raw Blame History

Security
* Restore the maximum TLS version to be negotiated to the configured one
when an SSL context is reset with the mbedtls_ssl_session_reset() API.
An attacker was able to prevent an Mbed TLS server from establishing any
TLS 1.3 connection potentially resulting in a Denial of Service or forced
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.
Fixes CVE-2024-28755.
Reference in New Issue View Git Blame Copy Permalink