Lines Matching full:tls
1 Mbed TLS ChangeLog (Sorted per branch, date)
3 = Mbed TLS 3.5.2 branch released 2024-01-26
18 = Mbed TLS 3.5.1 branch released 2023-11-06
21 * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
28 = Mbed TLS 3.5.0 branch released 2023-10-05
31 * Mbed TLS 3.4 introduced support for omitting the built-in implementation
42 function, needed for TLS 1.3 ticket lifetimes. Alternative implementations
80 MBEDTLS_ECDH_C in the build in order to save code size. For TLS 1.2
83 TLS 1.2 (ECDHE-ECDSA key exchange) are not supported in those builds yet,
92 * Add support for server-side TLS version negotiation. If both TLS 1.2 and
93 TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or
94 TLS 1.3 depending on the capabilities and preferences of TLS clients.
137 * Add support for FFDH key exchange in TLS 1.3.
176 be completely zeroized during TLS 1.2 handshake, in both server and client
201 undefined. Mbed TLS itself was unaffected by this, but user code
203 release containing this bug was Mbed TLS 3.4.0.
204 * Fix a buffer overread when parsing short TLS application data records in
206 * Fix a remotely exploitable heap buffer overflow in TLS handshake parsing.
207 In TLS 1.3, all configurations are affected except PSK-only ones, and
209 In TLS 1.2, the affected configurations are those with
255 * In TLS 1.3, fix handshake failure when a client in its ClientHello
263 with all TLS support disabled. Fixes #6628.
286 * Fix undefined symbols in some builds using TLS 1.3 with a custom
316 = Mbed TLS 3.4.1 branch released 2023-08-04
324 = Mbed TLS 3.4.0 branch released 2023-03-28
327 * The default priority order of TLS 1.3 cipher suites has been modified to
328 follow the same rules as the TLS 1.2 cipher suites (see
386 and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled.
387 Restartable/interruptible ECDSA operations in PK, X.509 and TLS are not
401 corresponding TLS 1.2 key exchange to work, MBEDTLS_USE_PSA_CRYPTO needs
412 * It is now possible to use a PSA-held (opaque) password with the TLS 1.2
420 * Fix a potential heap buffer overread in TLS 1.3 client-side when
439 * In TLS 1.3, when using a ticket for session resumption, tweak its age
442 Mbed TLS ticket timestamps (in seconds) to compute a ticket age smaller
468 inadvertently broken since Mbed TLS 3.0.
475 subidentifiers can be valid, but Mbed TLS cannot currently handle them.
480 * Fix the handling of renegotiation attempts in TLS 1.3. They are now
482 * Fix an unused-variable warning in TLS 1.3-only builds if
491 * In the TLS 1.3 server, select the preferred client cipher suite, not the
492 least preferred. The selection error was introduced in Mbed TLS 3.3.0.
493 * Fix TLS 1.3 session resumption when the established pre-shared key is
523 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/
535 = Mbed TLS 3.3.0 branch released 2022-12-14
543 Mbed TLS, then you need to define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
547 same build of Mbed TLS, please let us know about your situation on the
564 * Support rsa_pss_rsae_* signature algorithms in TLS 1.2.
584 * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now
591 for authentication in TLS 1.3.
596 1024 messages. As such, it is not intended for use in TLS, but instead
602 * Mbed TLS now supports TLS 1.3 key establishment via pre-shared keys.
608 control the support for the three possible TLS 1.3 key exchange modes.
621 * The TLS 1.2 EC J-PAKE key exchange can now use the PSA Crypto API.
633 calculation that can be used to derive the session secret in TLS 1.2,
634 as described in draft-cragie-tls-ecjpake-01. This can be achieved by
667 * Fix an interoperability failure between an Mbed TLS client with both
668 TLS 1.2 and TLS 1.3 support, and a TLS 1.2 server that supports
669 rsa_pss_rsae_* signature algorithms. This failed because Mbed TLS
670 advertised support for PSS in both TLS 1.2 and 1.3, but only
671 actually supported PSS in TLS 1.3.
682 configurations with only one encryption type enabled in TLS 1.2.
699 in TLS PRF code. Reported by Michael Madsen in #6516.
700 * Fix TLS 1.3 session resumption. Fixes #6488.
702 in TLS 1.3 (where it is forbidden).
716 the TLS 1.2 server certificate request would get corrupted, meaning the
739 = Mbed TLS 3.2.1 branch released 2022-07-12
744 = Mbed TLS 3.2.0 branch released 2022-07-11
769 mbedtls_ssl_conf_sig_algs(). Signature algorithms for the TLS 1.2 and
770 TLS 1.3 handshake should now be configured with
787 * Add ALPN support in TLS 1.3 clients.
811 during TLS handshake.
828 * Add support for authentication of TLS 1.3 clients by TLS 1.3 servers.
829 * Add support for server HelloRetryRequest message. The TLS 1.3 client is
832 * Add support for client-side TLS version negotiation. If both TLS 1.2 and
833 TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
834 negotiates TLS 1.3 or TLS 1.2 with TLS servers.
835 * Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
837 * Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key
844 affected only a limited subset of crypto operations in TLS, X.509 and PK,
849 TLS and X.509 modules.
850 * Opaque pre-shared keys for TLS, provisioned with
872 * Fix a potential heap buffer overread in TLS 1.2 server-side when
885 * Fix a buffer overread in TLS 1.3 Certificate parsing. An unauthenticated
892 * Fix check of certificate key usage in TLS 1.3. The usage of the public key
896 to an Mbed TLS TLS 1.3 server or client while it does not own a proper
905 TLS 1.3 handshake and application traffic secret.
908 * Fix a bug in (D)TLS curve negotiation: when MBEDTLS_USE_PSA_CRYPTO was
914 * The TLS 1.3 implementation is now compatible with the
934 The fix was released, but not announced, in Mbed TLS 3.1.0.
949 * Fix a TLS 1.3 handshake failure when the peer Finished message has not
963 * Fix a TLS 1.3 handshake failure when the first attempt to send the client
969 connection identifier, the Mbed TLS client now properly sends the server
978 which have been broken, resulting in compilation errors, since Mbed TLS
980 * Ensure that TLS 1.2 ciphersuite/certificate and key selection takes into
1014 = mbed TLS 3.1.0 branch released 2021-12-17
1021 * You can configure groups for a TLS key exchange with the new function
1043 * The identifier of the CID TLS extension can be configured by defining
1066 * Mbed TLS provides a minimum viable implementation of the TLS 1.3
1068 the TLS 1.3 Minimum Viable Product (MVP). The MBEDTLS_SSL_PROTO_TLS1_3
1071 to select the 1.3 version of the protocol to establish a TLS connection.
1113 This does not concern the implementation provided with Mbed TLS,
1162 oversight during the run-up to the release of Mbed TLS 3.0.
1193 = Mbed TLS 3.0.0 branch released 2021-07-07
1202 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-entropy-sources-to-entropy-pool/ for
1205 * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
1225 * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
1226 * Drop support for RC4 TLS ciphersuites.
1275 In Mbed TLS 2.X, the API prescribes that later calls overwrite
1276 the effect of earlier calls. In Mbed TLS 3.0, calling
1328 in TLS 1.3. Finally, the key export callback and
1353 * Some default policies for X.509 certificate verification and TLS have
1355 by default. The default order in TLS now favors faster curves over larger
1363 * If you build the development version of Mbed TLS, rather than an official
1385 https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html
1409 * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for
1503 Mbed TLS 2.20.0.
1541 * In a TLS client, enforce the Diffie-Hellman minimum parameter size
1548 be adequate to build Mbed TLS.
1552 * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
1562 * Restore the ability to configure PSA via Mbed TLS options to support RSA
1566 * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
1579 could notably be triggered by setting the TLS debug level to 3 or above
1589 A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
1591 mbedtls_mpi_read_xxx functions (including in particular TLS code) since
1595 effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
1639 * Add CMake package config generation for CMake projects consuming Mbed TLS.
1647 Defining it to a particular value will ensure that Mbed TLS interprets
1649 used by the Mbed TLS release whose MBEDTLS_VERSION_NUMBER has the same
1651 The only value supported by Mbed TLS 3.0.0 is 0x03000000.
1653 * during the TLS handshake.
1659 = mbed TLS 2.26.0 branch released 2021-03-08
1695 * Partial implementation of the PSA crypto driver interface: Mbed TLS can
1700 applications using TLS and MBEDTLS_USE_PSA_CRYPTO) can now use the PSA
1746 twice is safe. This happens for RSA when some Mbed TLS library functions
1770 = mbed TLS 2.25.0 branch released 2020-12-11
1842 obtain entropy, or due to an internal failure (which, for Mbed TLS's own
1916 until this property was inadvertently broken in Mbed TLS 2.19.0.
1936 = mbed TLS 2.24.0 branch released 2020-09-01
1982 * In (D)TLS record decryption, when using a CBC ciphersuite without the
2049 = mbed TLS 2.23.0 branch released 2020-07-01
2058 removable through Mbed TLS after the upgrade.
2103 Completes a previous fix in Mbed TLS 2.19 that only fixed the build for
2156 dropped. As a consequence, the TLS handshake now fails when the output
2172 = mbed TLS 2.22.0 branch released 2020-04-14
2219 = mbed TLS 2.21.0 branch released 2020-02-20
2226 library which allows TLS authentication to use keys stored in a
2269 = mbed TLS 2.20.0 branch released 2020-01-15
2358 = mbed TLS 2.19.1 branch released 2019-09-16
2364 TLS sessions with tools like Wireshark.
2375 = mbed TLS 2.19.0 branch released 2019-09-06
2395 store it in non-volatile storage, and later using it for TLS session
2486 * Remove the crypto part of the library from Mbed TLS. The crypto
2488 Mbed TLS references as a Git submodule.
2490 = mbed TLS 2.18.1 branch released 2019-07-12
2497 * Enable building of Mbed TLS as a CMake subproject. Suggested and fixed by
2500 = mbed TLS 2.18.0 branch released 2019-06-11
2512 and the used tls-prf.
2513 * Add public API for tls-prf function, according to requested enum.
2523 in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
2535 and the used tls-prf.
2536 * Add public API for tls-prf function, according to requested enum.
2582 = mbed TLS 2.17.0 branch released 2019-03-19
2666 = mbed TLS 2.16.0 branch released 2018-12-21
2723 = mbed TLS 2.15.1 branch released 2018-11-30
2728 = mbed TLS 2.15.0 branch released 2018-11-23
2741 = mbed TLS 2.14.1 branch released 2018-11-30
2746 attack. In TLS, this affects servers that accept ciphersuites based on
2770 = mbed TLS 2.14.0 branch released 2018-11-19
2788 security of TLS, but can matter in other contexts with numbers chosen
2805 implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
2870 * Close a test gap in (D)TLS between the client side and the server side:
2892 = mbed TLS 2.13.1 branch released 2018-09-06
2899 MBEDTLS_PLATFORM_GMTIME_R_ALT. At this stage Mbed TLS is only able to
2906 = mbed TLS 2.13.0 branch released 2018-08-31
2947 * Fix a bug that caused SSL/TLS clients to incorrectly abort the handshake
2948 with TLS versions 1.1 and earlier when the server requested authentication
2951 introduced in Mbed TLS 2.12.0. Fixes #1954.
2954 or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
2973 = mbed TLS 2.12.0 branch released 2018-07-25
2976 * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
2977 in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
2980 this recovery by sending many messages in the same connection. With TLS
2989 * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
2993 targeting an internal MD/SHA buffer. With TLS or if
2999 * Add a counter-measure against a vulnerability in TLS ciphersuites based
3000 on CBC, in (D)TLS 1.0 to 1.2, that allowed a local attacker, able to
3038 * Added length checks to some TLS parsing functions. Found and fixed by
3051 TLS 1.0. Reported by @kFYatek and by Conor Murphy on the forum. Fix
3061 * Fail when receiving a TLS alert message with an invalid length, or invalid
3062 zero-length messages when using TLS 1.2. Contributed by Espressif Systems.
3072 = mbed TLS 2.11.0 branch released 2018-06-18
3082 * In TLS servers, support offloading private key operations to an external
3084 non-blocking operation of the TLS server stack.
3101 = mbed TLS 2.10.0 branch released 2018-06-06
3104 * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
3109 functionality shared by multiple Mbed TLS modules. At this stage
3123 * Support TLS testing in out-of-source builds using cmake. Fixes #1193.
3127 = mbed TLS 2.9.0 branch released 2018-04-30
3145 offer or a ciphersuite that cannot be used with the TLS or DTLS version
3181 * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was
3202 maintained 2.7 branch. The soversion was increased in Mbed TLS
3208 * Support cmake builds where Mbed TLS is a subproject. Fix contributed
3252 = mbed TLS 2.8.0 branch released 2018-03-16
3256 that when both sides of a TLS connection negotiate the truncated
3257 HMAC extension, Mbed TLS can now interoperate with other
3259 prior versions of Mbed TLS. To restore the old behavior, enable
3297 daniel in the Mbed TLS forum. #1351
3299 * Fix setting version TLSv1 as minimal version, even if TLS 1
3333 = mbed TLS 2.7.0 branch released 2018-02-03
3341 both TLS and DTLS. CVE-2018-0488
3459 Found independently by Florian in the mbed TLS forum and by Mishamax.
3473 RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
3502 Note, this padding mode is not used by the TLS protocol. Found and fixed by
3536 = mbed TLS 2.6.0 branch released 2017-08-10
3539 * Fix authentication bypass in SSL/TLS: when authmode is set to optional,
3559 * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
3560 API consistent with mbed TLS 2.5.0. Specifically removed the inline
3567 * With authmode set to optional, the TLS handshake is now aborted if the
3596 * Avoid shadowing of time and index functions through mbed TLS function
3612 = mbed TLS 2.5.1 released 2017-06-21
3623 * Fixed offset in FALLBACK_SCSV parsing that caused TLS server to fail to
3661 = mbed TLS 2.5.0 branch released 2017-05-17
3700 = mbed TLS 2.4.2 branch released 2017-03-08
3714 CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
3733 x509_csr.c that are reported when building mbed TLS with a config.h that
3761 Raised and fix suggested by Alan Gillingham in the mbed TLS forum. #771
3768 = mbed TLS 2.4.1 branch released 2016-12-13
3775 = mbed TLS 2.4.0 branch released 2016-10-17
3779 with RFC-5116 and could lead to session key recovery in very long TLS
3781 TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P. Jovanovic.
3856 = mbed TLS 2.3.0 branch released 2016-06-28
3863 (not triggerable remotely in (D)TLS).
3866 SSL/TLS.
3906 = mbed TLS 2.2.1 released 2016-01-05
3911 remotely in SSL/TLS. Found by Rafał Przywara. #367
3912 * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
3913 SLOTH attack on TLS 1.2 server authentication (other attacks from the
3914 SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
3921 Nicholas Wilson. Introduced in mbed TLS 2.2.0. #280
3930 = mbed TLS 2.2.0 released 2015-11-04
3951 block. (Potential uses include EAP-TLS and Thread.)
3978 = mbed TLS 2.1.2 released 2015-10-06
3993 of TLS, but might be in other uses. On 32 bit machines, requires reading a
3998 Intelworks. Not triggerable remotely in TLS. Triggerable remotely if you
4002 Intelworks. Not triggerable remotely in TLS.
4022 = mbed TLS 2.1.1 released 2015-09-17
4027 https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
4049 = mbed TLS 2.1.0 released 2015-09-04
4100 = mbed TLS 2.0.0 released 2015-07-13
4118 You now need to link to all of them if you use TLS for example.
4238 * The default minimum TLS version is now TLS 1.0.
4239 * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
4243 * The default authmode for SSL/TLS clients is now REQUIRED.
4283 = mbed TLS 1.3 branch
4375 = mbed TLS 1.3.10 released 2015-02-09
4382 crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
4385 (TLS server is not affected if it doesn't ask for a client certificate)
4388 (TLS server is not affected if it doesn't ask for a client certificate)
4395 * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
4396 * Add support for Extended Master Secret (draft-ietf-tls-session-hash).
4437 * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
4455 TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
4485 * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
4487 * Ciphersuites using RSA-PSK key exchange now require TLS 1.x (the spec is
4526 * Selection of hash for signing ServerKeyExchange in TLS 1.2 now picks
4544 versions < TLS 1.1).
4546 rejected with CBC-based ciphersuites and TLS >= 1.1
4548 to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
4797 * Support for Brainpool curves and TLS ciphersuites (RFC 7027)
4803 * TLS compression only allocates working buffer once
4821 * Ephemeral Elliptic Curve Diffie Hellman support for SSL/TLS
4823 * Ephemeral Elliptic Curve Digital Signature Algorithm support for SSL/TLS
4847 * Ability to enable / disable SSL v3 / TLS 1.0 / TLS 1.1 / TLS 1.2
4900 Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting
4905 crafted X.509 certificate (TLS server is not affected if it doesn't ask
4908 (TLS server is not affected if it doesn't ask for a client certificate)
4911 (TLS server is not affected if it doesn't ask for a client certificate)
4914 (TLS server is not affected if it doesn't ask for a client certificate).
5158 * Correctly handle CertificateRequest message in client for <= TLS 1.1
5202 * Added TLS 1.2 support (RFC 5246)
5203 * Added GCM suites to TLS 1.2 (RFC 5288)
5205 * Added support for Hardware Acceleration hooking in SSL/TLS
5217 * Added option to add minimum accepted SSL/TLS protocol version
5232 in SSL/TLS
5326 * Correctly handle empty SSL/TLS packets (Found by James Yonan)
5548 * Added support for TLS v1.1
5680 SSL/TLS code.
5718 * Added support on the client side for the TLS "hostname" extension
5750 * Added lots of debugging output in the SSL/TLS functions
5754 * Added an SSL/TLS stress testing program (ssl_test.c)
5784 * Ciphers used in SSL/TLS can now be disabled at compile