Countermeasure against "triple handshake" attack

This commit is contained in:
Manuel Pégourié-Gonnard 2014-03-10 09:34:49 +01:00
parent fdf3f0e671
commit 796c6f3aff
2 changed files with 29 additions and 0 deletions


@ -14,6 +14,11 @@ Changes
* entropy_add_source(), entropy_update_manual() and entropy_gather()
now thread-safe if POLARSSL_THREADING_C defined
Security
* Forbid change of server certificate during renegotiation to prevent
"triple handshake" attack when authentication mode is optional (the
attack was already impossible when authentication is required).
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
statistics
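Review bot: the new Security entry in this ChangeLog hunk states that a change of server certificate during renegotiation is forbidden, but not how the library reacts when a different certificate is presented (whether the renegotiation handshake is aborted, and with which error code or alert) nor that the check applies on the client side, which is where the server certificate is verified; suggest extending the entry along the lines of "the client now aborts the handshake if the server presents a different certificate during renegotiation", so users of the optional authentication mode know what failure to expect. The header reports 2 changed files, yet only the ChangeLog hunk is visible here, so the entry cannot be checked against the code that implements the check; please make sure the second file carries the comparison and the corresponding error path.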