Security
   * When negotiating the TLS version on the server side, do not fall back to
     the TLS 1.2 implementation of the protocol if it is disabled.
     - If the TLS 1.2 implementation was disabled at build time, a TLS 1.2
       client could put the TLS 1.3-only server in an infinite loop processing
       a TLS 1.2 ClientHello, resulting in a denial of service. Reported by
       Matthias Mucha and Thomas Blattmann, SICK AG.
     - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
       was able to successfully establish a TLS 1.2 connection with the server.
       Reported by alluettiv on GitHub.
     Fixes CVE-2024-28836.
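As an added illustration (not Mbed TLS's own code), a minimal model of the server-side version choice showing the fixed behaviour for both cases above: a ClientHello without a supported_versions extension is handed to the TLS 1.2 implementation only when that implementation is both compiled in and enabled at runtime, and is rejected otherwise instead of being retried or silently accepted. The struct layout, function names and the tls12_compiled/tls12_enabled flags are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of server-side version selection; not Mbed TLS code. */
enum tls_ver { TLS_NONE = 0, TLS_1_2 = 0x0303, TLS_1_3 = 0x0304 };

struct server_cfg {
    bool tls12_compiled, tls12_enabled;  /* build-time and runtime availability */
    bool tls13_compiled, tls13_enabled;
};

struct client_hello {
    uint16_t legacy_version;             /* 0x0303 for every TLS 1.2+ client */
    const uint16_t *supported_versions;  /* supported_versions ext, NULL if absent */
    size_t n_supported;
};

/* Returns the version to run, or TLS_NONE (send a protocol_version alert). */
enum tls_ver negotiate_version(const struct server_cfg *cfg, const struct client_hello *ch)
{
    bool srv12 = cfg->tls12_compiled && cfg->tls12_enabled;
    bool srv13 = cfg->tls13_compiled && cfg->tls13_enabled;

    if (ch->supported_versions == NULL) {
        /* No extension: a TLS 1.2 (or older) ClientHello. Dispatch to the
         * TLS 1.2 implementation only if it is compiled in AND enabled;
         * otherwise reject it outright, never fall back or retry. */
        return (ch->legacy_version == TLS_1_2 && srv12) ? TLS_1_2 : TLS_NONE;
    }
    /* Extension present: prefer 1.3, then 1.2 if both sides allow it. */
    bool cli13 = false, cli12 = false;
    for (size_t i = 0; i < ch->n_supported; i++) {
        if (ch->supported_versions[i] == TLS_1_3) cli13 = true;
        if (ch->supported_versions[i] == TLS_1_2) cli12 = true;
    }
    if (cli13 && srv13) return TLS_1_3;
    if (cli12 && srv12) return TLS_1_2;
    return TLS_NONE;
}

/* The two cases from the advisory: a plain TLS 1.2 ClientHello against a
 * TLS 1.3 server whose TLS 1.2 support is compiled/enabled as given. */
enum tls_ver legacy_hello_vs_server(bool tls12_compiled, bool tls12_enabled)
{
    struct server_cfg cfg = { tls12_compiled, tls12_enabled, true, true };
    struct client_hello ch = { TLS_1_2, NULL, 0 };
    return negotiate_version(&cfg, &ch);
}
```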