mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-13 14:45:35 +00:00
Add a ChangeLog entry for session serialisation
This commit is contained in:
parent
749312fb8a
commit
2d8847e84d
20
ChangeLog
20
ChangeLog
|
@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
= mbed TLS 2.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Make mbedtls_ecdh_get_params return an error if the second key
|
||||
belongs to a different group from the first. Before, if an application
|
||||
passed keys that belonged to different group, the first key's data was
|
||||
interpreted according to the second group, which could lead to either
|
||||
an error or a meaningless output from mbedtls_ecdh_get_params. In the
|
||||
latter case, this could expose at most 5 bits of the private key.
|
||||
|
||||
Features
|
||||
* Add support for draft-05 of the Connection ID extension, as specified
|
||||
in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
|
||||
|
@ -12,14 +20,10 @@ Features
|
|||
changed its IP or port. The feature is enabled at compile-time by setting
|
||||
MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
|
||||
through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
|
||||
|
||||
Security
|
||||
* Make mbedtls_ecdh_get_params return an error if the second key
|
||||
belongs to a different group from the first. Before, if an application
|
||||
passed keys that belonged to different group, the first key's data was
|
||||
interpreted according to the second group, which could lead to either
|
||||
an error or a meaningless output from mbedtls_ecdh_get_params. In the
|
||||
latter case, this could expose at most 5 bits of the private key.
|
||||
* Add new API functions mbedtls_ssl_session_save() and
|
||||
mbedtls_ssl_session_load() to allow serialising a session, for example to
|
||||
store it in non-volatile storage, and later using it for TLS session
|
||||
resumption.
|
||||
|
||||
Bugfix
|
||||
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
|
||||
|
|
Loading…
Reference in a new issue