Mbed TLS is now part of TrustedFirmware.org.

mbed TLS 2.1.1 and 1.3.13, and PolarSSL 1.2.16 released


The maintenance releases mbed TLS 2.1.1, mbed TLS 1.3.13 and PolarSSL 1.2.16 for respectively the 2.0, 1.3 and 1.2 branches have been released.

These releases are mainly fixing a number of outstanding issues and security fixes that have been back-ported from the 2.0 branch.


Florian Weimar from Red Hat published on Lenstra's RSA-CRT attach for PKCS#1 v1.5 signatures. These releases include countermeasures against that attack.

Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This dereference can only occur when misusing the API, although a fix has still been implemented.


Behaviour for 1.3.13 is changed in this release to accept a certificate chain when it reached an intermediate certificate that is trusted.

For mbed TLS 2.1.1 one API call prototype was changed (mbedtls_ssl_conf_cert_profile()) and reconnections from DTLS clients from the same port as a live connection have been made possible.

Bug fixes

Fixes include:

  • Setting SSL_MIN_DHM_BYTES in config.h had no effect (overriden in ssl.h) (found by Fabio Solari) (#256)
  • Fix bug in mbedtls_rsa_public() and mbedtls_rsa_private() that could result trying to unlock an unlocked mutex on invalid input (found by Fredrik Axelsson) (#257)
  • Fix -Wshadow warnings (found by hnrkp) (#240)
  • Fix unused function warning when using MBEDTLS_MDx_ALT or MBEDTLS_SHAxxx_ALT (found by Henrik) (#239)
  • Fix memory corruption in pkey programs (found by yankuncheng) (#210)
  • Fix memory corruption on client with overlong PSK identity, around SSL_MAX_CONTENT_LEN or higher - not triggerrable remotely (found by Aleksandrs Saveljevs) (#238)
  • Fix off-by-one error in parsing Supported Point Format extension that caused some handshakes to fail.

More details can be found in the ChangeLog of each respective version.

Who should update

We advise users of mbed TLS (and PolarSSL) to update when relying on DHE-RSA or ECDHE-RSA key exchanges.

Download links

Get your copy here:


The hashes for mbedtls-2.1.1-apache.tgz are:

SHA-1  : f4348b730a8731f5ed2bacb458ffa053798cc5ff
SHA-256: 8f25b6f156ae5081e91bcc58b02455926d9324035fe5f7028a6bb5bc0139a757

The hashes for mbedtls-2.1.1-gpl.tgz are:

SHA-1  : fa38657ad39afac54aab274b038133c24d063120
SHA-256: 22c76e9d8036a76e01906423b3e8a02ab0ef84027f791bd719fff8edee9c61a9

The hashes for mbedtls-1.3.13-gpl.tgz are:

SHA-1  : 465dd804e6c7bbe72f0d6d21c3158325699c5448
SHA-256: 3f457aefdaf46f42b6fc50f5226c32c37731279fe20e97e322282aca0143bb97

The hashes for polarssl-1.2.16-gpl.tgz are:

SHA-1  : a0679e9ef3ee98b79ab7998e39e58795bc5f4e12
SHA-256: 3c0b86866f1806262ff0a9c08dc56c5906ac5cefd866d85814e43f5e1694ee87

Like this?




Last updated:
Sep 22, 2015


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.