Add ChangeLog entry
This commit is contained in:
parent
d0e55a4657
commit
104d85865d
1 changed files with 15 additions and 0 deletions
15
ChangeLog
15
ChangeLog
|
@ -2,6 +2,21 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
|
||||
in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
|
||||
partially recover the plaintext of messages under some conditions by
|
||||
exploiting timing measurements. With DTLS, the attacker could perform
|
||||
this recovery by sending many messages in the same connection. With TLS
|
||||
or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
|
||||
worked if the same secret (for example a HTTP Cookie) has been repeatedly
|
||||
sent over connections manipulated by the attacker. Connections using GCM
|
||||
or CCM instead of CBC, using hash sizes other than SHA-384, or using
|
||||
Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
|
||||
caused by a miscalculation (for SHA-384) in a countermeasure to the
|
||||
original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
|
||||
Shamir.
|
||||
|
||||
API Changes
|
||||
* Extend the platform module with a util component that contains
|
||||
functionality shared by multiple Mbed TLS modules. At this stage
|
||||
|
|
Loading…
Reference in a new issue