Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.2.9 released



The x509_verify() function now matches the domain name given to it in cn in a case insensitive way as per RFC 6125 section 6.4.

Bug fixes

A number of small memory leaks and file descriptor leaks in uncommon situations have been fixed.


A remote timing attack that can recover the RSA private key (Security Advisory 2013-05) has been fixed. Warning: the fix makes it impossible to use the same x509 certificate in multiple threads at the same time (which was possible before) or you have to disable CRT (POLARSSL_RSA_NO_CRT). The version in PolarSSL 1.3.0 is thread-safe.

A couple of possible local overflows have been fixed. Check the ChangeLog for more details.

Who should update

Our advice for users of the PolarSSL 1.2 branch is to update!

Download links

Get your copy here: polarssl-1.2.9-gpl.tgz


The hashes for polarssl-1.2.9-gpl.tgz are:

SHA-1  : c870ba466ddf6a9fc3b62c57bf8a316c331f104b
SHA-256: d125a6e7eb6eb3e5110035df1469099c5463837b1ef734e60771095dafc0ef56

Like this?




Last updated:
Oct 3, 2013


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.