Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: 0.4.0
Component/s: Networking
Labels:
- PATCH
- SSL

Module:
- mbedtls
- schannel

Description

Looks like it's time to update. They have found a bunch of security problems by themselves.

Even if we don't make use of ticket reuse or any of the other problematic modules, and the only thing that could affect our schannel implementation theoretically is the lack of sizeof(hostname) < 255 bounds checking.

Anyway, updating a library like this is always a good idea.

References:

Used package: https://tls.mbed.org/download/mbedtls-2.1.2-apache.tgz with SHA-1 c99dfeaa27489f0e74e704e69a181f6ceb3db2a7.

–

aminekhaldi: Subscribing to their mailing list for updates might be also a good idea, just in case: https://tls.mbed.org/subscribe

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

swyter-mbedtls-2015-10-08-update-to-212.patch
26 kB
2015-10-08 10:27

Activity

People

Assignee:: AmineKhaldi

Reporter:: Swyter

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2015-10-08 10:27

Updated:: 2015-11-20 22:43

Resolved:: 2015-10-12 12:47