Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.3.7 released


PolarSSL 1.3.7 has been released!

This release contains a number of smaller changes and bug fixes, which don't affect the existing API. New features are improvements to the Debug module and the ability for users to detect compiled in capabilities at run-time. In addition it includes improvements to AES-NI portability and support for more X.509 Attribute Types.


On the feature-front this release introduces:

  • Debug module improvements
  • run-time capabilities checking
  • AES-NI improvements
  • deprecation of POLARSSL_CONFIG_OPTIONS
  • support for more Attribute Types from IETX PKIX (RFC 5280)
  • re-prioritization of RC4 ciphersuite

In addition outstanding bugs were fixed.

Debug module improvements

For starters, the debug module now only outputs full lines. Previous version output partial line content for some debug functions, which makes multi-threaded use harder.

In order to offer more flexibility for debug output, debug_set_log_mode() is introduced which allows you to switch between FULL log mode and RAW log mode. FULL log mode is the default and includes file and line information in the log message. RAW log mode strips the file and line information from the log message and provides cleaner debug messages.

Additionally debug_set_threshold() is introduced. Previous versions allow you to filter SSL debug messages in the debug callback function. A disadvantage to that approach is that the message is already fully constructed before a decision is made to not use it. debug_set_threshold() is a global threshold that drops all messages in debug functions that have a level over the threshold. The default is 0, which drops all messages, so you will have to increment it if you want to receive debug messages in your callback.

Run-time capabilities checking

The Version module is expanded by version_check_feature() which gives you the ability to check at run-time if certain support is compiled into the library you use. This allows you to detect if the library you is has multi-threaded support compiled in for instance.

AES-NI improvement

The existing AES-NI code is rewritten to be compatible with older versions of as (from binutils).

If you experienced errors like:

/tmp/ccnZnCzy.s: Assembler messages:
/tmp/ccnZnCzy.s:68: Error: no such instruction: `aesenc %xmm1,%xmm0'
/tmp/ccnZnCzy.s:73: Error: no such instruction: `aesenclast %xmm1,%xmm0'
/tmp/ccnZnCzy.s:77: Error: no such instruction: `aesdec %xmm1,%xmm0'
/tmp/ccnZnCzy.s:82: Error: no such instruction: `aesdeclast %xmm1,%xmm0'
/tmp/ccnZnCzy.s:320: Error: no such instruction: `aeskeygenassist $0x08,%xmm1,%xmm2'
/tmp/ccnZnCzy.s:376: Error: no such instruction: `aeskeygenassist $0x36,%xmm0,%xmm1'
/tmp/ccnZnCzy.s:420: Error: no such instruction: `aesimc %xmm0,%xmm0'

You will want to upgrade to 1.3.7.


The use of POLARSSL_CONFIG_OPTIONS is deprecated from 1.3.7 on. It is no longer needed to define this option in order to set module level configuration option.

In short, the definitions in modules have changed from:




Support for more Attribute Types from IETX PKIX (RFC 5280)

In addition to existing Attribute Types we now also parse and support the following Attribute Types in X.509 names:

  • surName and SN
  • givenName and GN
  • initials
  • generationQualifier
  • title
  • dnQualifier
  • pseudonym
  • domainComponent and DC

RC4 ciphersuite re-prioritized

Consensus in the TLS community is increasing about deprecating RC4. As a result the RC4 ciphersuites now have the lowest priority by default.

Bug fixes

Fixes include:

  • Only iterate over actual certificates in ssl_write_certificate_request() (found by Matthew Page)
  • Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan Karger)
  • cert_write app should use subject of issuer certificate as issuer of cert
  • Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites, for full SSL frames of data.
  • Improve interoperability by not writing extension length in ClientHello / ServerHello when no extensions are present (found by Matthew Page)
  • rsa_check_pubkey() now allows an E up to N.
  • On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
  • mpi_fill_random() was creating numbers larger than requested on big-endian platform when size was not an integer number of limbs
  • Fix dependencies issues in X.509 test suite.
  • Some parts of ssl_tls.c were compiled even when the module was disabled.
  • Fix detection of DragonflyBSD in net.c (found by Markus Pfeiffer)
  • Fix detection of Clang on some Apple platforms with CMake (found by Barry K. Nathan)

More details can be found in the ChangeLog.

Who should update

We advise users of PolarSSL to update if they:

  • use PolarSSL 1.3.6 as it does not handle full-sized packets well
  • want to use one of the new features

Download links

Get your copy here: polarssl-1.3.7-gpl.tgz


The hashes for polarssl-1.3.7-gpl.tgz are:

SHA-1  : 4bfce7f2e833bead53ecd38098325a784ada5c39
SHA-256: 6beef0281160bf07fefefd6b412dd1ce4c39261cf5300835aef442253f0400e5

Like this?




Last updated:
May 2, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.