Add ChangeLog entry

This commit is contained in:
Gilles Peskine 2018-06-27 10:57:33 +02:00
parent bb07ca0bfb
commit b2d88404a3


@ -2,6 +2,21 @@ mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS x.x.x branch released xxxx-xx-xx = mbed TLS x.x.x branch released xxxx-xx-xx
Security
* Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
in (D)TLS 1.0 to 1.2, that allowed an active network attacker to
partially recover the plaintext of messages under some conditions by
exploiting timing measurements. With DTLS, the attacker could perform
this recovery by sending many messages in the same connection. With TLS
or if mbedtls_ssl_conf_dtls_badmac_limit() was used, the attack only
worked if the same secret (for example a HTTP Cookie) has been repeatedly
sent over connections manipulated by the attacker. Connections using GCM
or CCM instead of CBC, using hash sizes other than SHA-384, or using
Encrypt-then-Mac (RFC 7366) were not affected. The vulnerability was
caused by a miscalculation (for SHA-384) in a countermeasure to the
original Lucky 13 attack. Found by Kenny Paterson, Eyal Ronen and Adi
Shamir.
Bugfix Bugfix
* Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by * Fix redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by
TrinityTonic. #1359. TrinityTonic. #1359.
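Review bot: The new Security entry in this hunk names the affected protocol versions but not the affected and fixed mbed TLS releases, nor a CVE identifier; readers of a Security entry want to know which releases to upgrade from, so add the fixed version numbers (and the CVE, once assigned) to the entry or to the release header above it. Two wording points in the same entry: "using hash sizes other than SHA-384" conflates the hash function with its digest length, since SHA-384 is the algorithm and the miscalculation described is specific to it, so "using a hash other than SHA-384" (or "MAC algorithms other than HMAC-SHA-384") is more accurate; and "a HTTP Cookie" should read "an HTTP Cookie", with "has been repeatedly sent" changed to "had been repeatedly sent" to agree with "the attack only worked".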