Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.2.8 released



This release adds parsing of PKCS#8 encrypted private key files (-----BEGIN ENCRYPTED PRIVATE KEY-----) with Password Based Encryption (PBE) functions as defined in PKCS#5 v2 (3-key Triple DES) and in PKCS#12 (3-key Triple DES, 2-key Triple DES, RC4-128).

The user-changeable value configuration defines in the module headers can now also be controlled centrally from config.h.


The HAVEGE random generator is now disabled by default. Although it provides (limited) entropy on most systems, it should in our opinion never be the primary entropy source for the system.

A mechanism was added in config.h to allow overriding of the base PolarSSL implementations of the core symmetric cipher and hash algorithm functions. E.g. by defining POLARSSL_AES_ALT in config.h, aes_alt.h is included in PolarSSL to allow a self-provided implementation of the core AES functions.

The PBKDF2 module has been moved to a PKCS#5-specific module.

Bug fixes

Secure renegotiation extension is now only sent in case the client supports secure renegotiation. Improves compatibility with older clients.

Fixed support for Thumb2 and LLVM compiler (thanks to James Yonan from OpenVPN)

Other smaller fixes, see the ChangeLog for more details.


A possible DoS during the SSL Handshake has been found by Jack Lloyd and fixed in this release. More details can be found in Security Advisory 2013-03.

Who should update

Our advice for users of the PolarSSL 1.2 branch is to update!

Download links

Get your copy here: polarssl-1.2.8-gpl.tgz


The hashes for polarssl-1.2.8-gpl.tgz are:

SHA-1  : a3e69d4e9302529c5006dcb7d8ecab9c99488036
SHA-256: 23cf931e322ab397d26c89b7e805cf2229df46c5196f4f67ebfc0e285848637b

Like this?




Last updated:
Jun 21, 2013


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.