Update reference to attack in ChangeLog
We couldn't do that before the attack was public
parent
bfafadb45d
commit
f92c86e44d
1 changed files with 4 additions and 1 deletions
|
@ -6,7 +6,10 @@ Security
|
|||
* Fix potential double free when mbedtls_asn1_store_named_data() fails to
|
||||
allocate memory. Only used for certificate generation, not triggerable
|
||||
remotely in SSL/TLS. Found by Rafał Przywara. #367
|
||||
* Disable MD5 handshake signatures in TLS 1.2 by default
|
||||
* Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
|
||||
SLOTH attack on TLS 1.2 server authentication (other attacks from the
|
||||
SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
|
||||
https://www.mitls.org/pages/attacks/SLOTH
|
||||
|
||||
Bugfix
|
||||
* Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
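Review bot: The rewritten MD5 entry says the handshake signatures are disabled "by default" but does not name the setting that turns them back on, nor say that doing so re-exposes TLS 1.2 server authentication to SLOTH. Naming the configuration option and adding that caveat would let integrators who override the default check their builds. The parenthetical rules out the other SLOTH attacks for every version of mbed TLS and PolarSSL, yet the entry does not state which released versions are affected by the one it addresses; that is worth adding next to the URL.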