Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.2.0 released

A terse write-up of the changes can be found in the ChangeLog (see in the code or below).

More relevant is what this release will mean for you. First and foremost is the addition of support for TLS 1.2. On a cryptographic front Galois Counter Mode for AES was added, the Blowfish symmetric algorithm and PBKDF2.

We have done a lot of internal rework and a number of changes that can impact some of your code.

Changes that will affect you:

  • Ciphersuite names have grown historically. We have decided to rename all ciphersuites to comply with the IANA defined values. So if you have hard-coded your cipersuite-list, please change the names accordingly. The newly defined names can be found in ssl.h.

  • Within the SSL/TLS module, the DHM parameters are set to sane defaults. So there is no need to call ssl_set_dh_param() in your code unless unless you specifically know what you are doing. Our advice: Remove the call from your code, unless it is there for a specific reason. A number of Diffie-Hellman groups are pre-defined in dhm.h.

  • The session caching mechanism has been revamped internally and externally. The original ssl_set_scb() function has been removed. For providing a session cache, you have to use ssl_set_session_cache() instead. PolarSSL now provides a simple (non-thread-safe) version in ssl_session.c. You should NOT call ssl_set_session() unless you want to set a specific session to resume. The library does not require a call anymore like it used to. So we advise you to remove the call to ssl_set_session() from your code, unless you are implementing manual session resumption. The rest is done through the session cache.

New features that don't have impact unless you want:

  • DEFLATE compression in SSL/TLS. If you have libz available, you can enable compression within PolarSSL.
  • TLS1.2. PolarSSL now supports TLS 1.2. It is used automatically if your peer supports it.
  • PolarSSL now supports Wildcard and multi-domain certificates.
  • For the server side, the ServerName extension parsing (SNI) has been implemented, allowing you to hook into the handshake and provide the appropriate server certificate and key for specific domains.

From the ChangeLog


  • Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!
  • Added support for wildcard certificates
  • Added support for multi-domain certificates through the X509 Subject Alternative Name extension
  • Added preliminary ASN.1 buffer writing support
  • Added preliminary X509 Certificate Request writing support
  • Added key_app_writer example application
  • Added cert_req example application
  • Added base Galois Counter Mode (GCM) for AES
  • Added TLS 1.2 support (RFC 5246)
  • Added GCM suites to TLS 1.2 (RFC 5288)
  • Added commandline error code convertor (util/strerror)
  • Added support for Hardware Acceleration hooking in SSL/TLS
  • Added OpenSSL / PolarSSL compatibility script (tests/compat.sh) and example application (programs/ssl/o_p_test) (requires OpenSSL)
  • Added X509 CA Path support
  • Added Thumb assembly optimizations
  • Added DEFLATE compression support as per RFC3749 (requires zlib)
  • Added blowfish algorithm (Generic and cipher layer)
  • Added PKCS#5 PBKDF2 key derivation function
  • Added Secure Renegotiation (RFC 5746)
  • Added predefined DHM groups from RFC 5114
  • Added simple SSL session cache implementation
  • Added ServerName extension parsing (SNI) at server side
  • Added option to add minimum accepted SSL/TLS protocol version


  • Removed redundant POLARSSL_DEBUG_MSG define
  • AES code only check for Padlock once
  • Fixed const-correctness mpi_get_bit()
  • Documentation for mpi_lsb() and mpi_msb()
  • Moved out_msg to out_hdr + 32 to support hardware acceleration
  • Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present (Closes ticket #56)
  • Cipher layer cipher_mode_t POLARSSL_MODE_CFB128 is renamed to POLARSSL_MODE_CFB, to also handle different block size CFB modes.
  • Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)
  • Revamped session resumption handling
  • Generalized external private key implementation handling (like PKCS#11) in SSL/TLS
  • Revamped x509_verify() and the SSL f_vrfy callback implementations
  • Moved from unsigned long to fixed width uint32_t types throughout code
  • Renamed ciphersuites naming scheme to IANA reserved names


  • Fixed handling error in mpi_cmp_mpi() on longer B values (found by Hui Dong)
  • Fixed potential heap corruption in x509_name allocation
  • Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
  • mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52)
  • Handle encryption with private key and decryption with public key as per RFC 2313
  • Handle empty certificate subject names
  • Prevent reading over buffer boundaries on X509 certificate parsing
  • mpi_add_abs() now correctly handles adding short numbers to long numbers with carry rollover (found by Ruslan Yushchenko)
  • Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
  • Fixed MPI assembly for SPARC64 platform


  • Fixed potential memory zeroization on miscrafted RSA key (found by Eloi Vanderbeken)

Download links

Get your copy here: polarssl-1.2.0-gpl.tgz


The hashes for polarssl-1.2.0-gpl.tgz are:

MD5    : 0dd84d996891a10d91b6a01d1de01cbe
SHA-1  : e7a9d3897c656feafdd48eb1a9836ee81a58a741
SHA-256: 7cd9e26b998900f1c96ccf87a8dd833270ebe8fe50db86a7cf25a5934889001d

Like this?




Last updated:
Nov 10, 2012


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.