Security | |
* Restore the maximum TLS version to be negotiated to the configured one | |
when an SSL context is reset with the mbedtls_ssl_session_reset() API. | |
An attacker was able to prevent an Mbed TLS server from establishing any | |
TLS 1.3 connection potentially resulting in a Denial of Service or forced | |
version downgrade from TLS 1.3 to TLS 1.2. Fixes #8654 reported by hey3e. | |
Fixes CVE-2024-28755. |