mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 02:35:40 +00:00
Update reference to attack in ChangeLog
We couldn't do that before the attack was public
This commit is contained in:
parent
543e4366bc
commit
ddf118961a
|
@ -6,7 +6,10 @@ Security
|
|||
* Fix potential double free when mbedtls_asn1_store_named_data() fails to
|
||||
allocate memory. Only used for certificate generation, not triggerable
|
||||
remotely in SSL/TLS. Found by Rafał Przywara. #367
|
||||
* Disable MD5 handshake signatures in TLS 1.2 by default
|
||||
* Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
|
||||
SLOTH attack on TLS 1.2 server authentication (other attacks from the
|
||||
SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
|
||||
https://www.mitls.org/pages/attacks/SLOTH
|
||||
|
||||
Bugfix
|
||||
* Fix over-restrictive length limit in GCM. Found by Andreas-N. #362
|
||||
|
|
Loading…
Reference in a new issue