Mbed TLS is now part of TrustedFirmware.org.

PolarSSL is not vulnerable to POODLE-against-TLS

The issue

On December 8th it was announced that the so-called POODLE attack against the SSL 3.0 protocol actually affects some implementations of TLS 1.0, 1.1 and 1.2.

Contrary to the original Poodle-against-SSL attack, the Poodle-against-TLS attack does not rely on a design flaw in the protocol, but on a bug in some implementations, which incorrectly chose to reuse their SSL 3.0 implementation of padding for TLS 1.0 and higher.

PolarSSL status

PolarSSL implements the relevant RFCs properly, so it is not affected by this issue. Users running PolarSSL on both ends of the connection are not vulnerable to the Poodle-against-TLS attack.

Users running PolarSSL on one end and a vulnerable implementation (so far only some F5 and A10 devices are known to be vulnerable) on the other end, might be affected. See our previous post on POODLE for more details on the scope of the attack and possible counter-measures. Obviously the best fix is to get the other end to patch their implementation.

Like this?




Last updated:
Dec 11, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.