espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2026-06-05 21:14:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1486 from ronald-cron-arm/tls12-2nd-client-hello

Browse Source 
Fix TLS 1.2 client hello after HRR
This commit is contained in:
Manuel Pégourié-Gonnard
2026-03-16 10:58:50 +01:00
committed by GitHub
parent cb4d172ce0 622b69d1d0
commit d8868c432f
4 changed files with 166 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog.d/tls12-2nd-client-hello.txt
+9
View File
@@ -0,0 +1,9 @@
Security
* Fixed an issue in TLS 1.3 server handling of the second ClientHello, after
sending a HelloRetryRequest message. A man-in-the-middle attacker could
force a TLS 1.3 session resumption using a ticket to fall back to an
unintended TLS 1.2 session resumption with an all-zero master secret.
This could result in client authentication being bypassed and allow client
impersonation.
Found and reported by Jaehun Lee, Pohang University of Science and
Technology (POSTECH).