Add change log

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2026-04-02 18:46:06 +02:00 · 2026-03-10 17:01:50 +01:00
parent 668e677faf
commit 0be90b44e2
1 changed files with 9 additions and 0 deletions
--- a/ChangeLog.d/tls12-2nd-client-hello.txt
+++ b/ChangeLog.d/tls12-2nd-client-hello.txt
@@ -0,0 +1,9 @@
+Security
+   * Fixed an issue in TLS 1.3 server handling of the second ClientHello, after
+     sending a HelloRetryRequest message. A man-in-the-middle attacker could
+     force a TLS 1.3 session resumption using a ticket to fall back to an
+     unintended TLS 1.2 session resumption with an all-zero master secret.
+     This could result in client authentication being bypassed and allow client
+     impersonation.
+     Found and reported by Jaehun Lee, Pohang University of Science and
+     Technology (POSTECH).