The maintenance releases polarssl-1.2.15 and mbedtls-1.3.12, for the 1.2 and 1.3 branches respectively, have been released.
These releases mainly fix a number of outstanding issues and include security fixes that have been back-ported from the 2.0 branch.
In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits.
In addition, the default size of the Diffie-Hellman parameters on the server has been increased to 2048 bits. This can be changed with ssl_set_dh_params() if necessary.
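To illustrate the client-side minimum described above, the following C example (added here, not mbed TLS or PolarSSL source code) parses the ServerDHParams structure of a TLS ServerKeyExchange message and rejects a prime with fewer than 128 significant bytes (1024 bits). MIN_DHM_BYTES, read_opaque16, check_server_dh_params and build_sample are hypothetical names, and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_DHM_BYTES 128 /* 1024 bits; hypothetical stand-in for SSL_MIN_DHM_BYTES */

/* Read one TLS opaque<1..2^16-1> field (2-byte big-endian length, then data).
 * Advances *p and returns 0; returns -1 if the field is empty or truncated. */
static int read_opaque16(const uint8_t **p, const uint8_t *end,
                         const uint8_t **val, size_t *len)
{
    if (end - *p < 2) return -1;
    *len = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    if (*len == 0 || (size_t)(end - *p) < *len) return -1;
    *val = *p;
    *p += *len;
    return 0;
}

/* 0: prime has >= min_bytes significant bytes; -1: malformed; -2: too small. */
int check_server_dh_params(const uint8_t *buf, size_t buflen, size_t min_bytes)
{
    const uint8_t *p = buf, *end = buf + buflen, *dh_p, *other;
    size_t p_len, other_len;
    if (read_opaque16(&p, end, &dh_p, &p_len) != 0 ||      /* dh_p  */
        read_opaque16(&p, end, &other, &other_len) != 0 || /* dh_g  */
        read_opaque16(&p, end, &other, &other_len) != 0)   /* dh_Ys */
        return -1;
    /* Leading zero bytes do not add to the size of the prime. */
    while (p_len > 0 && *dh_p == 0) { dh_p++; p_len--; }
    return p_len >= min_bytes ? 0 : -2;
}

/* Constructed sample: dh_p = pad zero bytes + sig 0xFF bytes (not a real prime), dh_g = 2, dh_Ys = 3. */
size_t build_sample(uint8_t *out, size_t pad, size_t sig)
{
    size_t n = pad + sig, off = 2;
    out[0] = (uint8_t)(n >> 8); out[1] = (uint8_t)n;
    memset(out + off, 0x00, pad); off += pad;
    memset(out + off, 0xFF, sig); off += sig;
    memcpy(out + off, "\x00\x01\x02\x00\x01\x03", 6);
    return off + 6;
}

int main(void)
{
    uint8_t msg[300];
    return check_server_dh_params(msg, build_sample(msg, 0, 128), MIN_DHM_BYTES);
}
```

A prime field that is 128 bytes long on the wire but zero-padded down to 64 significant bytes is rejected, because only the significant bytes are counted.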
Changes in this release include:
- Add SSL_MIN_DHM_BYTES configuration parameter in config.h to choose the minimum size of Diffie-Hellman parameters accepted by the client.
- The PEM parser now accepts a trailing space at end of lines.
- Fix thread-safety issue in SSL debug module (found by Edwin van Vliet).
- Some example programs were not built using make, not included in Visual Studio projects (found by Kristian Bendiksen).
- Fix build error with CMake and pre-4.5 versions of GCC (found by Hugo Leisink).
- Fix missing -static-libgcc when building shared libraries for Windows with make.
- Fix compile error with armcc5 --gnu.
More details can be found in the ChangeLog.
Who should update
We advise users of mbed TLS (and PolarSSL) to update when relying on Diffie-Hellman key exchanges.
Get your copy here:
The hashes for mbedtls-1.3.12-gpl.tgz are:
SHA-1  : 8d47de89f3e9cd54c099a9ecea32321a9b81ad66
SHA-256: d2ef3d5d749d8dd484c8057526f7b404a9155e74cb7bdf1316a927c7a1035871
The hashes for polarssl-1.2.15-gpl.tgz are:
SHA-1  : b1da505ce79637a49e29d12a6beb2c1f74d84a72
SHA-256: cf35b0ec818c2543027ff69c65ca6ac8a0c268cbd698da863479266af0ace344