PolarSSL 1.2.5 released

Description

This release fixes a possible timing side channel in the PolarSSL SSL module during decryption of the buffer due to badly formatted padding in the incoming message. Check out PolarSSL Security Advisory 2013-01 for more information.

In addition some flags have been added to manipulate behaviour of the SSL module with regards of sending of non-critical alert messages (from an interoperability point of view) and debugging of bad padding bytes.

The final addition is a dummy error_strerror() function that makes it easier to use the function in code without needing constant checks to see if POLARSSL_ERROR_C is defined.

Who should update

Our advice for users of the PolarSSL 1.2 branch is to update:

Download links

Get your copy here: polarssl-1.2.5-gpl.tgz

Hashes

The hashes for polarssl-1.2.5-gpl.tgz are:

SHA-1  : 84a703feaeb00cb5fba74a4aa7168e79128bbb19
SHA-256: ee596851684faef5af124902a27abec0461b2311eee1aa9620d732f9ea4d124a

Like this?

Section:
Releases

Author:


Published:


Last updated:
Mar 11, 2013

Sharing:


Want to stay up to date?