Mbed TLS is now part of TrustedFirmware.org.

PolarSSL 1.3.9 released


PolarSSL 1.3.9 has been released!

On the security front this release fixes a mistake in the negotiation introduced in PolarSSL 1.3.8. The mistake resulted in servers negotiating a weaker signature algorithm than available. In addition two remotely-triggerable memory leaks were found by the Codenomicon Defensics tool and fixed in this release.

No new features are introduced in this release. A number of changes in behaviour and bug fixes are included.


Important changes in this release include:

  • Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no standard defining how to use SHA-2 with SSL 3.0).
  • Ciphersuites using RSA-PSK key exchange now require TLS 1.x (the spec is ambiguous on how to encode some packets with SSL 3.0).
  • Made buffer size in pk_write_(pub)key_pem() more dynamic, e.g. smaller if RSA is disabled, larger if POLARSSL_MPI_MAX_SIZE is larger.
  • ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
  • POLARSSL_MPI_MAX_SIZE now defaults to 1024 in order to allow 8192 bits RSA keys.
  • Accept spaces at end of line or end of buffer in base64_decode().
  • X.509 certificates with more than one AttributeTypeAndValue per RelativeDistinguishedName are not accepted any more.

Bug fixes

Fixes include:

  • Support escaping of commas in x509_string_to_names().
  • Fix compile error in ssl_pthread_server (found by Julian Ospald).
  • Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
  • Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
  • Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
  • Fix compile error in timing.c when POLARSSL_NET_C and POLARSSL_SELFTEST are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito).
  • Remove non-existent file from VS projects (found by Peter Vaskovic).
  • ssl_read() could return non-application data records on server while renegotation was pending, and on client when a HelloRequest was received.
  • Server-initiated renegotiation would fail with non-blocking I/O if the write callback returned POLARSSL_ERR_NET_WANT_WRITE when requesting renegotiation.
  • ssl_close_notify() could send more than one message in some circumstances with non-blocking I/O.
  • Fix compiler warnings on iOS (found by Sander Niemeijer).
  • x509_crt_parse() did not increase total_failed on PEM error
  • Fix compile error with armcc in mpi_is_prime()
  • Fix potential bad read in parsing ServerHello (found by Adrien Vialletelle).

More details can be found in the ChangeLog.

Who should update

We advise users of PolarSSL to update if they:

  • use the SSL server functionality from PolarSSL 1.3.8
  • are affected by one of the bugs fixed in this release

Download links

Get your copy here: polarssl-1.3.9-gpl.tgz


The hashes for polarssl-1.3.9-gpl.tgz are:

SHA-1  : 3462b4455e1443ac1a1007fbd69861ebfb5c5506
SHA-256: d3605afc28ed4b7d1d9e3142d72e42855e4a23c07c951bbb0299556b02d36755

Like this?




Last updated:
Oct 23, 2014


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.