Mbed TLS is now part of TrustedFirmware.org.

Mbed TLS 2.16.1 and 2.7.10 released


Maintenance releases for Mbed TLS 2.16 and Mbed TLS 2.7 are now available.



  • (2.16) Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
  • (2.16, 2.7) Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. Raised as a comment in #1996.
  • (2.16) Reduce the stack consumption of mbedtls_mpi_fill_random() which could previously lead to a stack overflow on constrained targets.
  • (2.16) Add MBEDTLS_SELF_TEST for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971
  • (2.16, 2.7) Fix clobber list in MIPS assembly for large integer multiplication. Previously, this could lead to functionally incorrect assembly being produced by some optimizing compilers, showing up as failures in e.g. RSA or ECC signature operations. Reported in #1722, fix suggested by Aurelien Jarno and submitted by Jeffrey Martin.
  • (2.16) Fix signed-to-unsigned integer conversion warning in X.509 module. Fixes #2212.
  • (2.16, 2.7) Reduce stack usage of mpi_write_hlp() by eliminating recursion. Fixes #2190.
  • (2.16, 2.7) Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
  • (2.16) Remove the mbedtls namespacing from the header file, to fix a "file not found" build error. Fixed by Haijun Gu #2319.
  • (2.16, 2.7) Fix returning the value 1 when mbedtls_ecdsa_genkey() failed.
  • (2.16) Fix false failure in all.sh when backup files exist in include/mbedtls (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
  • (2.16, 2.7) Ensure that unused bits are zero when writing ASN.1 bitstrings when using mbedtls_asn1_write_bitstring().
  • (2.16, 2.7) Fix issue when writing the named bitstrings in KeyUsage and NsCertType extensions in CSRs and CRTs that caused these bitstrings to not be encoded correctly as trailing zeroes were not accounted for as unused bits in the leading content octet. Fixes #1610.


  • (2.16, 2.7) Include configuration file in all header files that use configuration, instead of relying on other header files that they include. Inserted as an enhancement for #1371
  • (2.16, 2.7) Add support for alternative CSR headers, as used by Microsoft and defined in RFC 7468. Found by Michael Ernst. Fixes #767.
  • (2.16) Fix configuration queries in ssl-opt.h. #2030
  • (2.16) Ensure that ssl-opt.h can be run in OS X. #2029
  • (2.16, 2.7) Reduce the complexity of the timing tests. They were assuming more than the underlying OS actually guarantees.
  • (2.16) Re-enable certain interoperability tests in ssl-opt.sh which had previously been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
  • (2.16, 2.7) Ciphersuites based on 3DES now have the lowest priority by default when they are enabled.

Who should update

We recommend all affected users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Download links

Get your copy here:


The hashes for mbedtls-2.16.1-apache.tgz are:

SHA-1: e7d1890a357cff5106d749c588a13a60a4d03055
SHA-256: ebd06d1342cdc7af506835ae16b84f839a4807c36615ffb4bb558ac51e42ff23

The hashes for mbedtls-2.16.1-gpl.tgz are:

SHA-1: 503f67a4abb910f8d86889111cfd003f5a1e041b
SHA-256: 7ab76eaefab0b02f26ca889230d553facb2598f3a8f077886c41ec1801d2131a

The hashes for mbedtls-2.7.10-apache.tgz are:

SHA-1: c8306ebfdc5d2138462f0c935f830919b3fbf8fe
SHA-256: 13c2783de69e9b403fb69a505024e086f1767b1b1513430ecad9572e485d8a13

The hashes for mbedtls-2.7.10-gpl.tgz are:

SHA-1: 5f680692c4dd650967bbe59aab57d35a042a504d
SHA-256: 268e2a2aa328f4f6ffb1ea48dcbbc477896f88581561f1fe809638425e98d06a

Like this?




Last updated:
Mar 27, 2019


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.