This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519,
XChaCha20-Poly1305, and PSK processing. Highlights include:
- A timing side-channel issue in X25519 specifically affecting
Xtensa-based ESP32 devices. Low-memory X25519 implementations are now
the default for Xtensa.
- A medium-severity TLS 1.3 server-side DoS risk from repeated
KeyShareEntry values in malicious ClientHello messages.
- Several TLS 1.3 downgrade-related issues (PFS downgrades, signature
algorithm downgrades, and duplicate extension parsing).
- A memory leak risk in TLS 1.2 certificate digest handling.
- An XChaCha20-Poly1305 decryption bounds-check fix and constant-time
improvements in PSK binder verification.