ChangeLog.d/tls13-only-server.txt - third_party/github/ARMmbed/mbedtls - Git at Google

 Security
    * When negotiating TLS version on server side, do not fall back to the
      TLS 1.2 implementation of the protocol if it is disabled.
      - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
        client could put the TLS 1.3-only server in an infinite loop processing
        a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
        Matthias Mucha and Thomas Blattmann, SICK AG.
      - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
        was able to successfully establish a TLS 1.2 connection with the server.
        Reported by alluettiv on GitHub.
     Fixes CVE-2024-28836.
	Security
	* When negotiating TLS version on server side, do not fall back to the
	TLS 1.2 implementation of the protocol if it is disabled.
	- If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
	client could put the TLS 1.3-only server in an infinite loop processing
	a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
	Matthias Mucha and Thomas Blattmann, SICK AG.
	- If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
	was able to successfully establish a TLS 1.2 connection with the server.
	Reported by alluettiv on GitHub.
	Fixes CVE-2024-28836.