PolarSSL is now part of ARM (official announcement) and has been rebranded as mbed TLS.

Tech Updates

Getting up to speed

We want to keep you up to date on everything that is happening with mbed TLS from a technical perspective. All mbed TLS technical updates are announced here and on the mailing lists. Just let us know what you are interested in!


mbed TLS Security Advisory 2017-02

First published: Aug 28, 2017. Updated: Aug 28, 2017

Title: Bypass of authentication of peer possible when the authentication mode is configured as 'optional'
Date: 28th August 2017
Affects: All versions of mbed TLS from version 1.3.10 and up, including all 2.1 and later releases
Not affected: mbed TLS 1.3.9 and earlier
Impact: Use of the 'optional' authentication mode can permit the peer to bypass peer authentication ...

mbed TLS 2.6.0, 2.1.9 and 1.3.21 released

First published: Aug 22, 2017. Updated: Aug 28, 2017

Mbed TLS 2.6.0, 2.1.9 and 1.3.21 released Description Mbed TLS version 2.6.0 has been released, in addition to maintenance branch releases, Mbed TLS 2.1.9 and 1.3.21. These releases address several security issues, one of which can be remotely exploited, dependent on how application software uses Mbed TLS. Mbed TLS 2.6.0 provides new features and functions, whilst Mbed TLS 2.1.9 and 1.3.21 are...

mbed TLS 2.5.1, 2.1.8 and 1.3.20 released

First published: Jun 21, 2017. Updated: Jul 6, 2017

mbed TLS 2.5.1, 2.1.8 and 1.3.20 released Description mbed TLS version 2.5.1 has been released, as well as releases of maintenance branches, mbed TLS 2.1.8 and 1.3.20. These releases address several security issues. mbed TLS 2.5.1 provides new features and functions, whilst mbed TLS 2.1.8 and 1.3.20 are maintenance releases, and intentionally do not contain new features to avoid changing the...

mbed TLS Security Advisory 2017-01

First published: Mar 11, 2017. Updated: Mar 13, 2017

This Security Advisory describes three vulnerabilities, their impact and fixes for each possible attack.
Title: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
CVE: CVE-2017-2784
Date: 10th March 2017
Affects: mbed TLS 1.4 and up
Not affected: mbed TLS 1.3.19 and up, mbed TLS 2.1.7 and up, mbed TLS 2.4.2 and up, and any...

mbed TLS 2.4.2, 2.1.7 and 1.3.19 released

First published: Mar 11, 2017. Updated: Mar 11, 2017

mbed TLS 2.4.2, 2.1.7 and 1.3.19 released Description mbed TLS version 2.4.2 has been released, as well as releases of the maintenance branches, mbed TLS 2.1.7 and 1.3.19. These releases address multiple security issues, some of which can be exploited remotely. These library updates are maintenance releases and intentionally do not change the library interface, to allow users to change library...

mbed TLS 2.4.0, 2.1.6 and 1.3.18 released

First published: Oct 15, 2016. Updated: Mar 11, 2017

mbed TLS 2.4.0, 2.1.6 and 1.3.18 released Description mbed TLS version 2.4.0 has been released, as well as releases of the maintenance branches, mbed TLS 2.1.6 and 1.3.18. mbed TLS version 2.4.0 addresses two security issues, one of which cannot be exploited remotely, and the other is not present in the default configuration. Security (2.4, 2.1, 1.3) Removes the MBEDTLS_SSL_AEAD_RANDOM_IV...

mbed TLS 2.3.0, 2.1.5 and 1.3.17 released

First published: Jun 28, 2016. Updated: Jun 28, 2016

mbed TLS 2.3.0, 2.1.5 and 1.3.17 released Description mbed TLS version 2.3.0 has been released, as well as maintenance releases of stable branches, mbed TLS 2.1.5 and 1.3.17. mbed TLS version 2.3.0 addresses three security issues, two of which are not exploitable remotely, strengthens security defaults, and fixes a few bugs. Each maintenance release contains backports of the relevant...

mbed TLS 2.2.1, 2.1.4, 1.3.16 and PolarSSL 1.2.19 released

First published: Jan 4, 2016. Updated: Jan 6, 2016

Description mbed TLS version 2.2.1 has been released, as well as maintenance releases of stable branches, mbed TLS 2.1.4 and 1.3.16, and PolarSSL 1.2.19. mbed TLS version 2.2.1 addresses a non-remotely exploitable security issue, strengthens security defaults, and fixes a few bugs. Each maintenance release contains backports of the relevant fixes. Security (2.2, 2.1, 1.3) Fixes a potential...

mbed TLS 2.2.0, 2.1.3, 1.3.15 and PolarSSL 1.2.18 released

First published: Nov 1, 2015. Updated: Nov 9, 2015

Description mbed TLS version 2.2.0 has been released, as well as maintenance releases of mbed TLS 2.1.3 and 1.3.15, and PolarSSL 1.2.18. The mbed TLS 2.2.0 release adds experimental support for EC J-PAKE and fixes a number of security issues and bugs, as well as a performance issue. The maintenance releases contain fixes for the security issues as well as other bugs. Security (all...

mbed TLS 2.1.2 and 1.3.14, and PolarSSL 1.2.17 released

First published: Oct 5, 2015. Updated: Oct 7, 2015

Description The maintenance releases mbed TLS 2.1.2 and 1.3.14, and PolarSSL 1.2.17, for the 2.x, 1.3 and 1.2 branches have been published. These releases mainly fix a remotely exploitable vulnerability, as well as other vulnerabilities that are not exploitable remotely, and a few other bugs. Security Guido Vranken of Intelworks has found and reported a total of 8 potential vulnerabilities...

mbed TLS Security Advisory 2015-01

First published: Oct 5, 2015. Updated: Oct 8, 2015

Title: Remote attack on clients using session tickets or SNI
CVE: CVE-2015-5291
Date: 5th of October 2015
Affects: PolarSSL 1.0 and up
Not affected: PolarSSL 1.2.17 and up, mbed TLS 1.3.14 and up, mbed TLS 2.1.2 and up and any version with clients not using session tickets nor accepting hostnames from untrusted parties
Impact: Denial of service and possible remote...

mbed TLS 2.1.1 and 1.3.13, and PolarSSL 1.2.16 released

First published: Sep 18, 2015. Updated: Sep 22, 2015

Description The maintenance releases mbed TLS 2.1.1, mbed TLS 1.3.13 and PolarSSL 1.2.16 for the 2.0, 1.3 and 1.2 branches respectively have been released. These releases mainly fix a number of outstanding issues and carry security fixes that have been back-ported from the 2.0 branch. Security Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack for PKCS#1 v1.5 signatures. These...

mbed TLS 2.1.0 released under Apache 2.0

First published: Sep 4, 2015. Updated: Sep 4, 2015

mbed TLS 2.1.0 under Apache 2.0 This second release in the 2.0 branch marks a major point in our licensing strategy. With this release mbed TLS shifts its main open source license to the Apache 2.0 license. The Apache 2.0 license allows closed source use and easier integration in many other open source projects that could not use GPL licensed software. This is also the first release that is...

PolarSSL 1.2.15 and mbed TLS 1.3.12 released

First published: Aug 11, 2015. Updated: Aug 11, 2015

Description The maintenance releases polarssl-1.2.15 and mbedtls-1.3.12 for the 1.2 and 1.3 branches respectively have been released. These releases mainly fix a number of outstanding issues and carry security fixes that have been back-ported from the 2.0 branch. Security In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size...

mbed TLS 2.0 defaults implement best practices

First published: Jul 20, 2015. Updated: Jul 24, 2015

One of our major goals in mbed TLS is to be not only easy to use, but more importantly easy to use securely. A part of this is providing good default values for security parameters. In mbed TLS 2.0, the defaults were updated to match the recommendations of RFC 7525, which documents the best current practices for (D)TLS deployments. This article goes into the details how the recommendations are...

mbed TLS 2.0.0 released

First published: Jul 10, 2015. Updated: Jul 13, 2015

Major release mbed TLS 2.0.0 Our first major release of mbed TLS after the acquisition by ARM has been released today. This release incorporates a number of larger architectural improvements that we have wanted to include for a while. That does mean that mbed TLS 2.0 is not a drop-in replacement for your current version, even if you use the latest mbed TLS 1.3.11 version. In order to help...

PolarSSL 1.2.14 released

First published: Jun 26, 2015. Updated: Jun 26, 2015

Description PolarSSL 1.2.14 has been released! Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting this will be made in the 1.2 branch at this point. This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch. Security Most important are the security fixes that have been back-ported to the 1.2 branch....

Testing the DTLS release

First published: Jun 16, 2015. Updated: Jul 24, 2015

Adding a new protocol to an existing product is not trivial. In order to make sure we can have assurance in the new DTLS protocol, the team did extensive testing and even created new tools in the process for our automated testing framework. The branch that adds support for DTLS 1.0 and 1.2 was released recently as a preview, still under the old PolarSSL 1.4 name. As with every released version, it...

Preparing for the 2.0 upgrade

First published: Jun 9, 2015. Updated: Jun 12, 2015

In the coming weeks we should be releasing a new major version: mbed TLS 2.0, which will be the first official branch with DTLS support. While we take great care not to break API compatibility within a stable branch, upgrading to a new stable branch usually requires some manual intervention. The 2.0 release will have a larger number of such changes than usual, and we hope to make the transition...

mbed TLS 1.3.11 released

First published: Jun 4, 2015. Updated: Aug 11, 2015

Description mbed TLS 1.3.11 has been released! This release mainly fixes a number of outstanding issues and contains security fixes. Minor features have been added to enhance functionality and usability. Security Handling of the SSL_VERIFY_OPTIONAL authmode was changed to make sure that information about keyUsage and extendedKeyUsage was properly propagated and accessible to the calling function. Just...

PolarSSL 1.2.13 released

First published: Feb 16, 2015. Updated: Feb 16, 2015

Description PolarSSL 1.2.13 has been released! Note: Although PolarSSL has been renamed to mbed TLS, no changes reflecting this will be made in the 1.2 branch at this point. This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch. Security Most important are the security fixes that have been back-ported to the 1.2 branch....

mbed TLS 1.4 DTLS preview release

First published: Feb 16, 2015. Updated: Feb 18, 2015

Description This is a feature preview release of the DTLS functionality within mbed TLS. This release is built on top of the recent mbed TLS 1.3.10 release. The only feature added is the DTLS 1.0 and 1.2 functionality as specified in RFC 6347. This release is not updated for bug fixes and security fixes in general and should not be used to base projects on. There are some API changes as a...

mbed TLS 1.3.10 released

First published: Feb 8, 2015. Updated: Feb 16, 2015

Description mbed 1.3.10 has been released! Wait, what? mbed TLS? Yes! As part of the acquisition by ARM, PolarSSL has been rebranded as of today to mbed TLS to better show its fit inside the mbed ecosystem. You can read more about that in my blog post on the mbed Community site and in the official press release. On the security front this release fixes the (mis-numbered) Security Advisory...

PolarSSL Security Advisory 2014-04

First published: Jan 15, 2015. Updated: Feb 16, 2015

Title: Remote attack using crafted certificates
CVE: CVE-2015-1182
Date: 19th of January 2015
Affects: PolarSSL 1.0 and up
Not affected: mbed TLS 1.3.10 and up, PolarSSL 1.2.13 and up and any version with servers not asking for client certificates
Impact: Denial of service and possible remote code execution
Severity: High
Exploit: Withheld
PolarSSL...

PolarSSL is not vulnerable to POODLE-against-TLS

First published: Dec 10, 2014. Updated: Dec 11, 2014

The issue On December 8th it was announced that the so-called POODLE attack against the SSL 3.0 protocol actually affects some implementations of TLS 1.0, 1.1 and 1.2. Adam Langley's The POODLE bites again SSL Labs' POODLE bites TLS Contrary to the original POODLE-against-SSL attack, the POODLE-against-TLS attack does not rely on a design flaw in the protocol, but on a bug in some...

PolarSSL is now a part of ARM

First published: Nov 24, 2014. Updated: Nov 24, 2014

I'm very happy to announce today that PolarSSL is now part of ARM. We are immensely excited to join forces with ARM as it's the front-runner in the embedded world and their expertise will give us invaluable support in expanding the PolarSSL library. Being part of the ARM team will also give us a fantastic boost in our mission to become the world's leading embedded SSL solution. We will continue...

PolarSSL 1.2.12 released

First published: Oct 24, 2014. Updated: Oct 24, 2014

Description PolarSSL 1.2.12 has been released! This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch. Security Most important is the security fix that has been back-ported to the 1.2 branch. PolarSSL 1.2.12 fixes a remotely-triggerable memory leak that was found by the Codenomicon Defensics tool. Changes Important...

PolarSSL 1.3.9 released

First published: Oct 22, 2014. Updated: Oct 23, 2014

Description PolarSSL 1.3.9 has been released! On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release. No new features are introduced in this...

SSLv3 and the POODLE attack in perspective

First published: Oct 16, 2014. Updated: Oct 17, 2014

Introduction On October the 14th a paper was released on the so-called POODLE attack on SSLv3. This attack gained a lot of news presence, without introducing anything new. As a result a lot of people are asking us how to handle this. This post is to provide some insight into the real impact of the attack, and to provide guidance on the effect of and protection against the POODLE...

PolarSSL Security Advisory 2014-03

First published: Oct 16, 2014. Updated: Oct 16, 2014

Title: POODLE attack on SSLv3
CVE: CVE-2014-3566
Date: 16th of October 2014
Affects: The SSL v3 protocol
Not affected: TLS 1.0 and up
Impact: Potential disclosure of information
Exploit: Active Man-in-the-Middle required
On October the 14th a paper was released on the so-called POODLE attack on SSLv3. This Security Advisory only describes the impact and...

PolarSSL 1.2.11 released

First published: Jul 11, 2014. Updated: Jul 11, 2014

Description PolarSSL 1.2.11 has been released! This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch. Security Most important are the security fixes that have been back-ported to the 1.2 branch. PolarSSL 1.2.11 fixes the following security issues for 1.2 branch users: Forbid a change of server certificate during...

PolarSSL 1.3.8 released

First published: Jul 11, 2014. Updated: Jul 11, 2014

Description PolarSSL 1.3.8 has been released! On the security front this release fixes a potential Denial of Service attack on PolarSSL entities using GCM (Security Advisory 2014-02) that was found with the Codenomicon Defensics toolkit. For the rest, this release primarily adds support for the CCM cipher mode and RSASSA-PSS signatures in X.509 structures, in addition to RAM / usage...

PolarSSL Security Advisory 2014-02

First published: Jul 10, 2014. Updated: Jul 11, 2014

Title: Denial of Service against GCM enabled servers (and clients)
CVE: CVE-2014-4911
Date: 11th of July 2014
Affects: All PolarSSL versions before 1.2.11 and 1.3.8
Not affected: All branches before 1.2.x and version > 1.2.10 or > 1.3.7
Impact: Crash of server application (or clients by a malicious server)
Exploit: Withheld
A denial of service against...

Calmly moving away from RC4

First published: Jun 24, 2014. Updated: Jun 26, 2014

Introduction RC4, also known as ARCFOUR or ARC4, was developed in the late 80's by Ron Rivest, and is still one of the most used ciphers in TLS. The first theoretical attacks on RC4 were uncovered in 1995, but more recently, in 2013, a group of researchers published an attack that is practical in some limited circumstances against RC4 used in TLS. While this attack is not an immediate threat in...

Providing assurance and trust in PolarSSL

First published: May 8, 2014. Updated: Jul 24, 2015

Introduction In the world of security everything revolves around trust. This naturally also applies to the PolarSSL SSL Library. Since the 'Heartbleed bug' we receive an increased number of questions like: Can I trust this source code? How do I know your SSL library does what it claims to do? Who made PolarSSL? Are there any backdoors built in? Are there any (known) security...

PolarSSL 1.3.7 released

First published: May 2, 2014. Updated: May 2, 2014

Description PolarSSL 1.3.7 has been released! This release contains a number of smaller changes and bug fixes, which don't affect the existing API. New features are improvements to the Debug module and the ability for users to detect compiled in capabilities at run-time. In addition it includes improvements to AES-NI portability and support for more X.509 Attribute Types. Features On the...

PolarSSL 1.3.6 released

First published: Apr 11, 2014. Updated: Apr 11, 2014

Description Fresh from the oven: PolarSSL 1.3.6 is here! This release contains a number of smaller changes and bug fixes, which don't affect the existing API. Primarily, support for the ALPN extension is added, and extra checks are introduced to mitigate some semantic discrepancies that were reported. In addition a security issue introduced in 1.3.5 has been fixed. Features On the...

PolarSSL Security Advisory 2014-01

First published: Apr 8, 2014. Updated: Apr 8, 2014

Title: Heartbleed Bug
CVE: CVE-2014-0160
Date: 8th of April 2014
Affects: PolarSSL not affected
Not affected: All versions of PolarSSL
Impact: Recovery of the key material
Exploit: None
There is a lot of news about a new high-impact vulnerability called 'The Heartbleed Bug' that affects OpenSSL. This Security Advisory is to inform PolarSSL users about...

PolarSSL 1.3.5 released

First published: Mar 26, 2014. Updated: Mar 27, 2014

Description PolarSSL 1.3.5 is here! This release contains a number of larger changes, which don't break existing API and ABI compatibility. For Bitcoin applications we've added support for SpecifiedECDomain elliptic curve keys. And a new and improved platform compatibility layer is introduced. Features On the feature-front this release introduces support for: HMAC-DRBG as a separate module a...

PolarSSL 1.3.4 released

First published: Jan 27, 2014. Updated: Jan 27, 2014

Description The first feature release for the year 2014: PolarSSL 1.3.4! It's a small release that mainly just adds support for some new features. PolarSSL 1.3.4 adds some features required within Bitcoin applications, such as support for the RIPEMD-160 hash algorithm and support for Koblitz elliptic curves, and then specifically secp256k1. Features On the feature-front this release introduces...

PolarSSL 1.3.3 released

First published: Dec 31, 2013. Updated: Dec 31, 2013

Description Our parting gift for the year 2013: PolarSSL 1.3.3! We'd really like to thank everybody for the great year we had! Loads of new features, great feedback from our users and the energy to push even further in 2014! This feature release adds a bunch of new features, improvements and fixes. Features On the feature-front this release introduces support for: new cryptographic...

PolarSSL 1.3.2 released

First published: Nov 5, 2013. Updated: Nov 5, 2013

Description This small release adds a few new features but mostly increases support for different platforms and interoperability with other libraries. On the feature-front this release introduces optional optimizations for speeding up the NIST MODP elliptic curves. This feature can be enabled/disabled with POLARSSL_ECP_NIST_OPTIM. Furthermore we've added support for Camellia GCM mode and...

PolarSSL 1.3.1 released

First published: Oct 15, 2013. Updated: Oct 15, 2013

Description This release introduces a few new features. First, it adds support for the Brainpool Elliptic Curves (and their use in SSL ciphersuites) as defined in the new RFC 7027. After all the talk about possible involvement of the NSA in the NIST curves, we wanted to offer an alternative as soon as possible. As far as we know this is the first library to release a version with support for...

PolarSSL 1.2.10 released

First published: Oct 7, 2013. Updated: Oct 7, 2013

Description Changes The RSA blinding method introduced in PolarSSL 1.2.9 was not thread-safe. PolarSSL 1.2.10 uses a slower, but thread-safe version of blinding the RSA private operation. Bug fixes A memory leak in RSA blinding has been fixed, as have the Microsoft Visual Studio (MSVC) project files we deliver with our source code. Who should update Our advice for users of the PolarSSL...

PolarSSL Security Advisory 2013-04

First published: Oct 1, 2013. Updated: Oct 8, 2013

Title: Buffer overflow in ssl_read_record()
CVE: CVE-2013-5914
Date: 1st of October 2013
Affects: PolarSSL versions prior to 1.1.8
Not affected: PolarSSL 1.2.0 and above
Impact: Possible remote exploit
Exploit: Withheld
Solution: Upgrade to PolarSSL 1.1.8, or 1.2.0 and later
Credits: independently found by both TrustInSoft and Paul Brodeur of...

PolarSSL Security Advisory 2013-05

First published: Oct 1, 2013. Updated: Oct 3, 2013

Title: Timing Attack against protected RSA-CRT implementation used in PolarSSL
CVE: CVE-2013-5915
Date: 1st of October 2013
Affects: PolarSSL versions prior to 1.2.9 and 1.3.0
Not affected: PolarSSL 1.3.0 and above
Impact: Recovery of the private RSA key
Exploit: Withheld
Solution: Upgrade to PolarSSL 1.3.0 or 1.2.9
Credits: Cyril Arnaud and...

PolarSSL 1.1.8 released

First published: Oct 1, 2013. Updated: Oct 1, 2013

Description Bug fixes A number of small memory leaks and file descriptor leaks in uncommon situations have been fixed. Security A potential remote buffer overflow in ssl_read_record(), independently found by both TrustInSoft and Paul Brodeur of Leviathan Security Group, has been fixed in this release. More details can be found in Security Advisory 2013-04. Who should update Our...

PolarSSL 1.2.9 released

First published: Oct 1, 2013. Updated: Oct 3, 2013

Description Changes The x509_verify() function now matches the domain name given to it in cn case-insensitively, as per RFC 6125 section 6.4. Bug fixes A number of small memory leaks and file descriptor leaks in uncommon situations have been fixed. Security A remote timing attack that can recover the RSA private key (Security Advisory 2013-05) has been fixed. Warning: the fix makes it...
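The RFC 6125 section 6.4 matching rule mentioned in the 1.2.9 notes, as an added illustration (my own code, not PolarSSL's x509_verify() and not taken from the library): the presented DNS name from a certificate is compared with the reference identity case-insensitively (ASCII only), a wildcard is accepted only as the complete left-most label, it matches exactly one label, and "*.com"-style names are rejected. The sample name pairs in main() are constructed, not real certificates.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* ASCII case-insensitive comparison of n bytes; DNS labels fold only ASCII. */
static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Does the DNS name presented by the certificate match the reference
 * identity the client intended to reach?  Wildcards are accepted only as
 * the whole left-most label ("*.example.com"), match exactly one label,
 * and never match a bare public suffix such as "*.com". */
bool hostname_matches(const char *presented, const char *reference)
{
    size_t plen = strlen(presented), rlen = strlen(reference);
    if (plen == 0 || rlen == 0)
        return false;

    if (presented[0] != '*') {
        /* No wildcard: the whole name must match, case-insensitively. */
        return plen == rlen && eq_nocase(presented, reference, plen);
    }

    /* Wildcard form must be "*." followed by at least two more labels,
     * and no other '*' may appear anywhere in the name. */
    if (plen < 2 || presented[1] != '.' || strchr(presented + 1, '*') != NULL)
        return false;
    const char *p_rest = presented + 1;            /* ".example.com" */
    if (strchr(p_rest + 1, '.') == NULL)
        return false;                              /* rejects "*.com" */

    /* The reference needs a non-empty first label, then exactly the same
     * suffix as the wildcard name (so "a.b.example.com" does not match). */
    const char *r_dot = strchr(reference, '.');
    if (r_dot == NULL || r_dot == reference)
        return false;
    size_t rest_len = strlen(p_rest);
    return strlen(r_dot) == rest_len && eq_nocase(r_dot, p_rest, rest_len);
}

int main(void)
{
    /* Constructed sample identities (not from real certificates). */
    const char *pairs[][2] = {
        { "www.Example.COM", "WWW.example.com" },   /* case-insensitive match */
        { "*.example.com",   "mail.example.com" },  /* wildcard, one label    */
        { "*.example.com",   "a.b.example.com" },   /* wildcard, two labels   */
        { "*.example.com",   "example.com" },       /* nothing for the '*'    */
        { "*.com",           "example.com" },       /* public-suffix wildcard */
        { "example.com",     "example.com.evil" },  /* trailing garbage       */
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("%-16s vs %-17s -> %s\n", pairs[i][0], pairs[i][1],
               hostname_matches(pairs[i][0], pairs[i][1]) ? "match" : "no match");
    return 0;
}
```

The function deliberately does not attempt partial-label wildcards ("w*.example.com"); RFC 6125 permits clients to reject those, and rejecting them keeps the matcher simple enough to reason about.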

PolarSSL 1.3.0 released

First published: Oct 1, 2013. Updated: Oct 1, 2013

Description The first version of the new feature branch 1.3 is now released as PolarSSL version 1.3.0! This branch brings a number of major new features, internal changes, bug fixes and security fixes. We made separate articles on all the new features in PolarSSL 1.3.0 and how to migrate from the PolarSSL 1.2 branch to the PolarSSL 1.3 branch. Check it out and let us know if you run into any...

New features in PolarSSL 1.3.0

First published: Oct 1, 2013. Updated: Oct 3, 2013

Description PolarSSL 1.3.0 brings some major new features for PolarSSL. I'd like to walk you through a number of the more significant ones. Elliptic Curve cryptography We have added full support for Elliptic Curve cryptography, Elliptic Curve Diffie Hellman (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA). The X509 parse module and SSL layer have been modified to correctly...

PolarSSL 1.3.0 RC0 ready for checking

First published: Sep 18, 2013. Updated: Sep 18, 2013

Description This is the first (and probably final) release candidate (RC0) of the 1.3.0 release. The 1.3 branch brings a number of major new features, internal changes, bug fixes and security fixes. In the coming days we will dive into the new features in more detail and show you how to migrate from the 1.2 branch to the 1.3 branch. But now we need your help with testing compilation on different...

A heapless existence (a stack-based dynamic memory allocator)

First published: Jul 19, 2013. Updated: Jul 25, 2013

Dynamic memory allocation troubles Life in the embedded world is not always as easy as on other platforms. If you do not have a full operating system running, you also lack a real memory manager. The standard solution: Do not use dynamic memory. In most cases you do not really need it. With something like an SSL library, this becomes harder. Connections are created on-demand and those...
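The kind of allocator the article title refers to, as an added example (my own sketch, not the PolarSSL buffer allocator module and not its API): all memory comes from one static buffer, so nothing ever calls malloc(); blocks carry a small header, allocation is first-fit with splitting, and free() merges adjacent free blocks so that opening and closing many SSL connections does not fragment the buffer forever. The buffer size, alignment and the function names pool_init/pool_alloc/pool_free/pool_largest_free are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POOL_SIZE 4096u
#define ALIGN 8u
#define ALIGN_UP(n) (((n) + (ALIGN - 1u)) & ~(size_t)(ALIGN - 1u))

/* Every block starts with a header; the payload follows it directly. */
typedef struct {
    size_t size;    /* payload bytes after the header */
    size_t in_use;  /* 1 = allocated, 0 = free */
} block_hdr;

#define HDR_SIZE ALIGN_UP(sizeof(block_hdr))

/* The whole "heap": a static, suitably aligned buffer, no malloc anywhere. */
static union {
    uint64_t align;
    unsigned char bytes[POOL_SIZE];
} pool_store;
#define pool (pool_store.bytes)

static int pool_ready = 0;

static block_hdr *first_block(void) { return (block_hdr *)pool; }

static block_hdr *next_block(block_hdr *b)
{
    unsigned char *p = (unsigned char *)b + HDR_SIZE + b->size;
    return p >= pool + POOL_SIZE ? NULL : (block_hdr *)p;
}

/* One free block covering the entire buffer. */
void pool_init(void)
{
    block_hdr *b = first_block();
    b->size = POOL_SIZE - HDR_SIZE;
    b->in_use = 0;
    pool_ready = 1;
}

/* First-fit allocation; the chosen block is split when the remainder can
 * still hold a header plus a minimal payload. */
void *pool_alloc(size_t n)
{
    if (!pool_ready) pool_init();
    if (n == 0 || n > POOL_SIZE) return NULL;
    size_t need = ALIGN_UP(n);
    for (block_hdr *b = first_block(); b != NULL; b = next_block(b)) {
        if (b->in_use || b->size < need) continue;
        if (b->size >= need + HDR_SIZE + ALIGN) {
            block_hdr *rest = (block_hdr *)((unsigned char *)b + HDR_SIZE + need);
            rest->size = b->size - need - HDR_SIZE;
            rest->in_use = 0;
            b->size = need;
        }
        b->in_use = 1;
        return (unsigned char *)b + HDR_SIZE;
    }
    return NULL;  /* exhausted: there is no system heap to fall back on */
}

/* Marks the block free and merges every run of adjacent free blocks. */
void pool_free(void *p)
{
    if (p == NULL) return;
    block_hdr *b = (block_hdr *)((unsigned char *)p - HDR_SIZE);
    b->in_use = 0;
    for (block_hdr *cur = first_block(); cur != NULL; cur = next_block(cur)) {
        if (cur->in_use) continue;
        block_hdr *nxt = next_block(cur);
        while (nxt != NULL && !nxt->in_use) {
            cur->size += HDR_SIZE + nxt->size;
            nxt = next_block(cur);
        }
    }
}

/* Largest request that would currently succeed (diagnostics and tests). */
size_t pool_largest_free(void)
{
    if (!pool_ready) pool_init();
    size_t best = 0;
    for (block_hdr *b = first_block(); b != NULL; b = next_block(b))
        if (!b->in_use && b->size > best) best = b->size;
    return best;
}

int main(void)
{
    pool_init();
    void *a = pool_alloc(100), *b = pool_alloc(200), *c = pool_alloc(50);
    printf("after 3 allocations, largest free: %zu\n", pool_largest_free());
    pool_free(b);
    pool_free(a);   /* a and b are neighbours and get merged */
    pool_free(c);   /* everything merges back into one block */
    printf("after freeing all, largest free: %zu\n", pool_largest_free());
    return 0;
}
```

Two things a practitioner should keep in mind with this design: a NULL from pool_alloc() is a normal event that the caller must handle (there is nothing to fall back on), and pool_free() walks the whole buffer, which is fine for a few kilobytes but worth replacing with an explicit free list once the pool grows.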

PolarSSL Security Advisory 2013-03

First published: Jun 21, 2013. Updated: Aug 22, 2013

Title: Denial of Service through Certificate message during handshake
CVE: CVE-2013-4623
Date: 21st of June 2013
Affects: PolarSSL versions prior to 1.1.7 or 1.2.8
Not affected: PolarSSL Clients / Servers without PEM support (POLARSSL_PEM_C not defined)
Impact: Denial of service through infinite loops
Exploit: Withheld
Solution: Upgrade to PolarSSL 1.1.7...

PolarSSL 1.2.8 released

First published: Jun 21, 2013. Updated: Jun 21, 2013

Description Features This release adds parsing of PKCS#8 encrypted private key files (-----BEGIN ENCRYPTED PRIVATE KEY-----) with Password Based Encryption (PBE) functions as defined in PKCS#5 v2 (3-key Triple DES) and in PKCS#12 (3-key Triple DES, 2-key Triple DES, RC4-128). The user-changeable value configuration defines in the module headers can now also be controlled centrally from...

PolarSSL 1.1.7 released

First published: Jun 21, 2013. Updated: Jun 21, 2013

Description This bugfix release primarily backports a security fix and some small bug-fixes from the PolarSSL 1.2 branch and current development branch. Changes The HAVEGE random generator is now disabled by default. Although it provides (limited) entropy on most systems, it should never be the primary entropy source for the system. Bug fixes Smaller fixes, see the ChangeLog for more...

PolarSSL 1.3-alpha1 preview

First published: Apr 19, 2013. Updated: Apr 19, 2013

Description A first preview at the new developments in the 1.3 branch! Check it out and let us know if you run into any issues! Features One major feature that is added is Elliptic Curve cryptography and the support for the ECDHE-RSA ciphersuites. In addition the Pre-shared key ciphersuites based on PSK and DHE-PSK have both been added to the core. Changes The internals of a lot of modules...

PolarSSL 1.2.7 released

First published: Apr 13, 2013. Updated: Apr 13, 2013

Description Features With the recent new attack on RC4 ciphersuites, in combination with the existing BEAST and similar attacks, some applications benefit from having different ciphersuite preferences depending on the SSL / TLS protocol version used. This release adds the ability to specify the allowed ciphersuite per protocol version with ssl_set_ciphersuites_for_version(). Changes The...

PolarSSL Security Advisory 2013-02

First published: Mar 13, 2013. Updated: Jul 12, 2013

Title: RC4 ciphersuites in SSL and TLS vulnerable
CVE: Unknown
Date: 13th of March 2013
Affects: all SSL libraries including PolarSSL
Not affected: AES-GCM-based or CBC-based ciphersuites. Servers and clients that only communicate over a private network
Impact: Possible (partial) recovery of plaintext
Exploit: Withheld
Solution: Disable RC4-based...

PolarSSL 1.1.6 released

First published: Mar 11, 2013. Updated: Mar 15, 2013

Description This release contains backported patches from the PolarSSL 1.2 branch to the PolarSSL 1.1 branch! Security related The main reason for this release is the reduction of a possible timing side channel in the PolarSSL SSL module during decryption of the buffer due to badly formatted padding in the incoming message. Check out PolarSSL Security Advisory 2013-01 for more information. To...

PolarSSL 1.2.6 released

First published: Mar 11, 2013. Updated: Mar 15, 2013

Description Security related This release further reduces a possible timing side channel in the PolarSSL SSL module during decryption of the buffer due to badly formatted padding in the incoming message. In addition, a possible timing difference due to bad padding in PKCS#1 v1.5 operations has been reduced. Contains fixes for: CVE-2013-0169 - TLS and DTLS protocol issue (Lucky...

PolarSSL Security Advisory 2013-01

First published: Feb 2, 2013. Updated: Jul 12, 2013

Title: Lucky thirteen - timing side channel during decryption
CVE: CVE-2013-0169
Date: 4th of February 2013 (Updated on 11th of March 2013)
Affects: all checked SSL libraries including PolarSSL versions prior to PolarSSL 1.2.6
Not affected: AES-GCM-based or RC4-based ciphersuites. Servers and clients that only communicate over a private network
Impact: Possible...

PolarSSL 1.2.5 released

First published: Feb 2, 2013. Updated: Mar 11, 2013

Description This release fixes a possible timing side channel in the PolarSSL SSL module during decryption of the buffer due to badly formatted padding in the incoming message. Check out PolarSSL Security Advisory 2013-01 for more information. In addition some flags have been added to manipulate behaviour of the SSL module with regards of sending of non-critical alert messages (from an...
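The padding problem behind the 1.2.5, 1.2.6 and 1.1.6 release notes and Security Advisory 2013-01, as an added illustration (my own code, not PolarSSL's ssl_decrypt_buf and not the library's actual fix): a naive TLS CBC padding check that returns at the first wrong byte, so its running time tells an attacker how many trailing bytes happened to look like valid padding, beside a version that always does the same amount of work and folds every comparison into a mask. The sample records in main() are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS CBC padding: the last byte is the padding length L, and the L bytes
 * before it must all equal L.  This naive check returns as soon as a byte
 * is wrong, so its timing leaks how far the attacker's guess got. */
int padding_ok_naive(const uint8_t *rec, size_t len)
{
    if (len == 0) return 0;
    size_t padlen = rec[len - 1];
    if (padlen + 1 > len) return 0;
    for (size_t i = 0; i < padlen; i++)
        if (rec[len - 2 - i] != padlen) return 0;
    return 1;
}

/* All-ones mask if a < b, else 0, with no branch.  Valid while a and b stay
 * below SIZE_MAX / 2, which record lengths always do. */
static size_t ct_mask_lt(size_t a, size_t b)
{
    return (size_t)0 - ((a - b) >> (sizeof(size_t) * 8 - 1));
}

/* Constant-time check: always examines 256 positions (the largest padding
 * TLS allows) and combines the results with masks instead of early returns.
 * Only the record length, which is public anyway, influences control flow. */
int padding_ok_ct(const uint8_t *rec, size_t len)
{
    if (len == 0) return 0;
    size_t padlen = rec[len - 1];
    size_t length_ok = ct_mask_lt(padlen, len);      /* padlen + 1 <= len */
    uint8_t bad = 0;
    for (size_t i = 0; i < 256; i++) {
        size_t in_pad = ct_mask_lt(i, padlen);       /* position i is padding */
        size_t in_rec = ct_mask_lt(i + 1, len);      /* index len-2-i exists  */
        size_t idx = (len - 2 - i) & in_rec;         /* 0 (in bounds) if not  */
        uint8_t diff = (uint8_t)(rec[idx] ^ padlen);
        bad |= diff & (uint8_t)in_pad & (uint8_t)in_rec;
    }
    bad |= (uint8_t)~length_ok;                      /* 0xFF when too long */
    uint32_t v = bad;
    return 1 ^ (int)((v | (0u - v)) >> 31);          /* 1 iff bad == 0 */
}

int main(void)
{
    /* Constructed records: four data bytes followed by padding. */
    const uint8_t good[]    = { 0xde, 0xad, 0xbe, 0xef, 3, 3, 3, 3 };
    const uint8_t bad1[]    = { 0xde, 0xad, 0xbe, 0xef, 3, 3, 2, 3 };
    const uint8_t toolong[] = { 0x00, 0x00, 0x00, 9 };
    printf("good:    naive=%d ct=%d\n", padding_ok_naive(good, sizeof good),
           padding_ok_ct(good, sizeof good));
    printf("bad1:    naive=%d ct=%d\n", padding_ok_naive(bad1, sizeof bad1),
           padding_ok_ct(bad1, sizeof bad1));
    printf("toolong: naive=%d ct=%d\n", padding_ok_naive(toolong, sizeof toolong),
           padding_ok_ct(toolong, sizeof toolong));
    return 0;
}
```

Two caveats. First, the padding check is only part of the Lucky Thirteen picture: the attack also exploits the time taken to compute the MAC over a record whose padding was rejected, so a real fix has to make the MAC computation independent of the padding outcome as well. Second, a C compiler is free to turn mask arithmetic back into branches; constant-time code has to be checked at the level of the generated machine code, not just the source.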

PolarSSL 1.2.4 released

First published: Jan 25, 2013. Updated: Feb 2, 2013

Description This bug fix release patches a few small issues. CertificateRequest handshake messages are now handled correctly should a future version of TLS appear. An SSL client now correctly handles a CertificateRequest message sent in TLS 1.1 or earlier that has an empty Distinguished Names list. In addition a memory leak when performing PKCS#1 v2.1 operations (RSA_PKCS_V21) has...

Bugfix release PolarSSL 1.1.5

First published: Jan 16, 2013. Updated: Jan 16, 2013

PolarSSL version 1.1.5 available This bugfix release backports a number of bugfixes from the 1.2 branch back into the 1.1 branch. No new features are added in this release. If you are using the 1.1 branch we strongly encourage you to check out the changes in the ChangeLog and update your version if necessary. From the ChangeLog Bugfixes * Fixed MPI assembly for SPARC64 platform * Handle...

PolarSSL 1.2.3 released

First published: Nov 26, 2012. Updated: Nov 26, 2012

This bug fix release patches a single issue that was left unpatched in the release of 1.2.2. This fixes the sizes included in the CertificateRequest message sent by the SSL server. From the ChangeLog Bugfixes Server not always sending correct CertificateRequest message Download links Get your copy here: polarssl-1.2.3-gpl.tgz Hashes The hashes for polarssl-1.2.3-gpl.tgz are: SHA-1 :...

PolarSSL 1.2.2 released

First published: Nov 24, 2012. Updated: Nov 24, 2012

This bug fix release patches some issues that people found in the 1.2 branch. The most important fix is client authentication on the server side in SSL/TLS. In the previous version enabling client authentication (SSL_VERIFY_OPTIONAL or SSL_VERIFY_REQUIRED) resulted in a failed connection on the server side. From the ChangeLog Changes Added p_hw_data to ssl_context for context specific...

PolarSSL 1.2.1 released

First published: Nov 20, 2012. Updated: Nov 20, 2012

This bug fix release patches some issues that people found in the 1.2.0 release. Mostly fixes for making Microsoft Visual C 6.0 (MSVC6) work with the new release and a few minor bugs and sanity checks have been added. The biggest change is the depth value that a certificate verify callback will receive. It is now counted from the certificate you are checking up, with the peer cert itself being...

PolarSSL 1.2.0 released

First published: Nov 10, 2012. Updated: Nov 10, 2012

A terse write-up of the changes can be found in the ChangeLog (see in the code or below). More relevant is what this release will mean for you. First and foremost is the addition of support for TLS 1.2. On the cryptographic front, Galois/Counter Mode (GCM) for AES, the Blowfish symmetric cipher and PBKDF2 were added. We have done a lot of internal rework and a number of changes that can impact some of...

PolarSSL Security Advisory 2012-01

First published: Oct 14, 2012. Updated: Oct 14, 2012

Title: Weak Diffie-Hellman and RSA key generation
CVE: CVE-2012-2130
Date: 23rd of April 2012
Affects: PolarSSL 0.99-pre4 up to and including PolarSSL 1.1.1
Not affected: Instances not using Diffie-Hellman key exchange and not using prime or RSA key generation
Impact: Weak prime generation and key negotiation resulting in possible breach of confidentiality and...

PolarSSL Security Advisory 2011-02

First published: Oct 14, 2012. Updated: Jul 12, 2013

Title: Weak random number generation within virtualized environments
CVE: CVE-2011-4574
Date: 15th of December 2011
Affects: All versions of PolarSSL prior to 1.1.0
Not affected: Instances not running in virtualized environments
Impact: Key retrieval possible
Exploit: Withheld
Solution: Upgrade to PolarSSL 1.1.0 and move to CTR_DRBG random generator ...

PolarSSL Security Advisory 2011-01

First published: Oct 14, 2012. Updated: Jul 12, 2013

Title: Possible man in the middle in Diffie Hellman key exchange
CVE: CVE-2011-1923
Date: 25th of February 2011
Affects: PolarSSL library 0.14.0 and earlier and PolarSSL 0.99-pre1
Not affected: Instances not using ciphersuites that are based on Diffie-Hellman key-exchange
Impact: Possible man in the middle
Exploit: Withheld
Solution: Upgrade to PolarSSL...

Bugfix release PolarSSL 1.1.4 available

First published: Oct 14, 2012. Updated: Nov 10, 2012

PolarSSL version 1.1.4 available This bugfix release fixes handling of empty packets in SSL/TLS, a potential heap corruption when using x509_free() and a single RSA test that failed on Big Endian systems. From the ChangeLog Bugfixes * Correctly handle empty SSL/TLS packets (Found by James Yonan) * Fixed potential heap corruption in x509_name allocation * Fixed single RSA test that...