FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mbedTLS/PolarSSL -- multiple vulnerabilities

Affected packages
1.2.0 <= polarssl < 1.2.15
1.3.0 <= polarssl13 < 1.3.12

Details

VuXML ID 953aaa57-6bce-11e5-9909-002590263bf5
Discovery 2015-08-11
Entry 2015-10-06

ARM Limited reports:

In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits.

In addition the default size for the Diffie-Hellman parameters on the server are increased to 2048 bits. This can be changed with ssl_set_dh_params() in case this is necessary.

[source]

References

URL https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-and-mbedtls-1.3.12-released

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.