Mbed-TLS/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-06-05 21:15:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
308e7fb232595e52d732b298e7f37b3407ad8812
mbedtls/ChangeLog.d/tls12-2nd-client-hello.txt
T
Ronald Cron 622b69d1d0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-03-10 19:24:19 +01:00

10 lines
514 B
Plaintext
Raw Blame History

Security
* Fixed an issue in TLS 1.3 server handling of the second ClientHello, after
sending a HelloRetryRequest message. A man-in-the-middle attacker could
force a TLS 1.3 session resumption using a ticket to fall back to an
unintended TLS 1.2 session resumption with an all-zero master secret.
This could result in client authentication being bypassed and allow client
impersonation.
Found and reported by Jaehun Lee, Pohang University of Science and
Technology (POSTECH).
Reference in New Issue View Git Blame Copy Permalink