From 0be90b44e2ffe98525bec55545d87399dfc1b96e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 10 Mar 2026 17:01:50 +0100 Subject: [PATCH] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/tls12-2nd-client-hello.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/tls12-2nd-client-hello.txt diff --git a/ChangeLog.d/tls12-2nd-client-hello.txt b/ChangeLog.d/tls12-2nd-client-hello.txt new file mode 100644 index 0000000000..7513e0b945 --- /dev/null +++ b/ChangeLog.d/tls12-2nd-client-hello.txt @@ -0,0 +1,9 @@ +Security + * Fixed an issue in TLS 1.3 server handling of the second ClientHello, after + sending a HelloRetryRequest message. A man-in-the-middle attacker could + force a TLS 1.3 session resumption using a ticket to fall back to an + unintended TLS 1.2 session resumption with an all-zero master secret. + This could result in client authentication being bypassed and allow client + impersonation. + Found and reported by Jaehun Lee, Pohang University of Science and + Technology (POSTECH).