mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-10-25 16:57:06 +00:00
441d6f9833
In a USENIX WOOT '16 paper the authors warn about a security risk of random Initialisation Vectors (IV) repeating values. The MBEDTLS_SSL_AEAD_RANDOM_IV feature is affected by this risk and it isn't compliant with RFC5116. Furthermore, strictly speaking it is a different cipher suite from the TLS (RFC5246) point of view. Removing the MBEDTLS_SSL_AEAD_RANDOM_IV feature to resolve the above problems. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS", USENIX WOOT '16 |
||
|---|---|---|
| .. | ||
| polarssl | ||
| .gitignore | ||
| CMakeLists.txt | ||