Google Git
Sign in
pigweed/third_party/github/ARMmbed/mbedtls/f92c86e44d5c33ad2a895cf7f0b989737a60d252^!/./ChangeLog
commit
f92c86e44d5c33ad2a895cf7f0b989737a60d252
[log]
author
Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Thu Jan 07 13:18:01 2016 +0100
committer
Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Thu Jan 07 13:18:01 2016 +0100
tree
669f05e7b9fdefcc241ec8d0b57ed72859265892
parent
bfafadb45daf8d2114e3109e2f9021fc72ee36bb [diff] [blame]
Update reference to attack in ChangeLog

We couldn't do that before the attack was public

diff --git a/ChangeLog b/ChangeLog
index e21187f..5dcb5a2 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,7 +6,10 @@
    * Fix potential double free when mbedtls_asn1_store_named_data() fails to
      allocate memory. Only used for certificate generation, not triggerable
      remotely in SSL/TLS. Found by Rafał Przywara. #367
-   * Disable MD5 handshake signatures in TLS 1.2 by default
+   * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
+     SLOTH attack on TLS 1.2 server authentication (other attacks from the
+     SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
+     https://www.mitls.org/pages/attacks/SLOTH
 
 Bugfix
    * Fix over-restrictive length limit in GCM. Found by Andreas-N. #362