TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c522255e33e378a5fe8d92d931ee3eada4a989e1^! / .
commitc522255e33e378a5fe8d92d931ee3eada4a989e1[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Thu Feb 08 10:26:07 2024 +0100
committerRonald Cron <ronald.cron@arm.com>Fri Feb 09 08:26:58 2024 +0100
tree0e99d12bf78d1a2b97b72b548127bc23c116c5fa
parent90abb224f7f38a061813a81dc98d5de202d69808 [diff]
Add change log

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

diff --git a/ChangeLog.d/tls-max-version-reset.txt b/ChangeLog.d/tls-max-version-reset.txt
new file mode 100644
index 0000000..2fa5816
--- /dev/null
+++ b/ChangeLog.d/tls-max-version-reset.txt

@@ -0,0 +1,6 @@
+Security
+   * Restore the maximum TLS version to be negotiated to the configured one
+     when an SSL context is reset with the mbedtls_ssl_session_reset() API.
+     An attacker was able to prevent an Mbed TLS server from establishing any
+     TLS 1.3 connection potentially resulting in a Denial of Service or forced
+     version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e.