Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.2.11 released


PolarSSL 1.2.11 has been released!

This release is a back-port of all bug fixes and security fixes that are in the 1.3 branch and are relevant for the 1.2 branch.


Most importantly are the security fixes that have been back-ported to the 1.2 branch. PolarSSL 1.2.11 fixes the following security issues for 1.2 branch users:

  • Forbid a change of server certificate during renegotiation to prevent the so-called "triple handshake" attack when authentication mode is optional (the attack was already impossible when authentication is required) .
  • Check notBefore timestamp of certificates and CRLs from the future.
  • Forbid sequence number wrapping
  • Prevent potential NULL pointer dereference in ssl_read_record() (found by TrustInSoft)
  • Fix length checking for AEAD ciphersuites (found by Codenomicon Defensics toolkit). It was possible to crash the server (and client) using crafted messages when a GCM suite was chosen.

Details on all the bug fixes can be found in the ChangeLog.

Who should update

We advise users of PolarSSL to update if they:

  • use any branch other than the 1.3 branch.

Download links

Get your copy here: polarssl-1.2.11-gpl.tgz


The hashes for polarssl-1.2.11-gpl.tgz are:

SHA-1  : 40cb3a833245273946c2075e6c948bbcda8a1be9
SHA-256: b3e9d059c687980976b468d8260f658e9003aede1dbc4a918526e90abdaa7d75

Like this?




Last updated:
Jul 11, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.