PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

CVE-2024-28755

An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtlssslsessionreset API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection,...

PT-2024-22603 · Mbed Tls · Mbed Tls

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.5.x through 3.5.x before 3.6.0 Mbed TLS versions prior to 3.6.0 Description: An issue was discovered in Mbed TLS when negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the...