Mbed TLS is now part of TrustedFirmware.org.

mbed TLS 2.2.1, 2.1.4, 1.3.16 and PolarSSL 1.2.19 released


mbed TLS version 2.2.1 has been released, as well as maintenance releases of stable branches, mbed TLS 2.1.4 and 1.3.16, and PolarSSL 1.2.19.

mbed TLS version 2.2.1 addresses a non-remotely exploitable security issue, strengthens security defaults, and fixes a few bugs. Each maintenance release contains backports of the relevant fixes.


  • (2.2, 2.1, 1.3) Fixes a potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. This was only used for certificate generation and was not triggerable remotely in SSL/TLS. The original issues was found by RafaƂ Przywara, in #367
  • (2.2, 2.1, 1.3) Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH attack on TLS 1.2 server authentication (other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL).


  • (2.2, 2.1, 1.3) Fixes an over-restrictive length limit in GCM. Found by Andreas-N. #362
  • (all branches) Fixes a bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has a pathLenConstraint equal to zero. Found by Nicholas Wilson and introduced in the previous release. #280
  • (all branches) Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by JayaraghavendranK.
  • (2.2, 2.1) Fixes suboptimal handling of unexpected records that caused interop issues with some peers over unreliable links. We now avoid dropping an entire DTLS datagram if a single record in a datagram is unexpected, and instead only drop the record and look at subsequent records (if any are present) in the same datagram. Found by jeannotlapin. #345


  • (1.3) Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to control use of MD5-based signatures for TLS 1.2 handshake (disabled by default).

Who should update

Users affected by one of the issues should update.

Users of the PolarSSL 1.2 branch are urged to upgrade to one of the maintained branches as 1.2 is now end-of-life and will no longer receive security fixes.

Download links

Get your copy here:


The hashes for files/mbedtls-2.2.1-apache.tgz are:

SHA-1: d2ff60fad7191dbb5b81ff6c22769964e5a7d53d
SHA-256: 6ddd5ca2e7dfb43d2fd750400856246fc1c98344dabf01b1594eb2f9880ef7ce

The hashes for files/mbedtls-2.2.1-gpl.tgz are:

SHA-1: 513f8cd8afd82e3181ab742eefcfe32fc1a4594d
SHA-256: bb1bffa3ac5ab143be2aae3d45a7a92b36112888ef465024d83724865fe62974

The hashes for files/mbedtls-2.1.4-apache.tgz are:

SHA-1: de4e18e55b8b933540e4eda4cb73dac5ceecd9fe
SHA-256: ee61c4a782a50e69802605f86eda9eb77d3606f4c7d88f70642053df683b4365

The hashes for files/mbedtls-2.1.4-gpl.tgz are:

SHA-1: a2d745da5ae025509b459b1e78eb090f7251d3ff
SHA-256: 113384533b02cfdbbdf0994132b28911ef97c5e71507cec76ead571f984db991

The hashes for files/mbedtls-1.3.16-gpl.tgz are:

SHA-1: 775486e7af1112bbc623f122353e48cb3a8f76a9
SHA-256: f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933

The hashes for files/polarssl-1.2.19-gpl.tgz are:

SHA-1: ea77f5c61b0ba9ae0a033fdb0260b87cb812d5b5
SHA-256: 24cb1608a160101ead3c7240f35fc447fe7880cd60f7ed6c9db7a1d773ccd4b8

Like this?




Last updated:
Jan 6, 2016


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.