Lines Matching refs:client
7 client and server to extract additional shared symmetric keys from an SSL
137 * implements `psa_can_do_hash()` on the client interface
217 * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
224 * By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now
294 client, if the client-provided certificate does not have appropriate values
299 than TLS client authentication could be able to use it for TLS client
306 * Fix TLS 1.3 client build and runtime when support for session tickets is
354 * Fix TLS connection failure in applications using an Mbed TLS client in
533 malicious client could cause information disclosure or a denial of service.
556 client could put the TLS 1.3-only server in an infinite loop processing
559 - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
609 * In TLS 1.3 clients, fix an interoperability problem due to the client
824 be completely zeroized during TLS 1.2 handshake, in both server and client
880 (previously accepted values were limited to "client" or "server").
903 * In TLS 1.3, fix handshake failure when a client in its ClientHello
1068 * Fix a potential heap buffer overread in TLS 1.3 client-side when
1088 calculation on the client side. It prevents a server with more accurate
1091 than the age computed and transmitted by the client and thus potentially
1136 This is a partial fix that allows only "client" and "server" identifiers.
1139 * In the TLS 1.3 server, select the preferred client cipher suite, not the
1315 * Fix an interoperability failure between an Mbed TLS client with both
1349 * Add a configuration check to exclude optional client authentication
1477 * Add support for server HelloRetryRequest message. The TLS 1.3 client is
1480 * Add support for client-side TLS version negotiation. If both TLS 1.2 and
1481 TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
1526 MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
1534 client or server could cause an MbedTLS server or client to overread up
1541 provided by a client or server certificate for authentication was not
1543 client or server to be able to authenticate itself through a certificate
1544 to an Mbed TLS TLS 1.3 server or client while it does not own a proper
1552 * Fixed swap of client and server random bytes when exporting them alongside
1558 client would fail to check that the curve selected by the server for
1559 ECDHE was indeed one that was offered. As a result, the client would
1611 * Fix a TLS 1.3 handshake failure when the first attempt to send the client
1617 connection identifier, the Mbed TLS client now properly sends the server
2189 * In a TLS client, enforce the Diffie-Hellman minimum parameter size
2413 the PSA code needed by a PSA crypto client when the PSA crypto
2843 DTLS client when parsing the Hello Verify Request message.
3017 from modifying the client/server hello.
3057 the parent process closes the client socket and continue accepting, and
3058 the child process closes the listening socket and handles the client
3217 client programs to fail at the peer's certificate verification
3453 implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3454 including client authentication).
3518 * Close a test gap in (D)TLS between the client side and the server side:
3519 test the handling of large packets and small packets on the client side
3791 * Fix a client-side bug in the validation of the server's ciphersuite choice
3792 which could potentially lead to the client accepting a ciphersuite it didn't
4264 The issue could only happen client-side with renegotiation enabled.
4482 * Fix compatibility issue with Internet Explorer client authentication,
4483 where the limited hash choices prevented the client from sending its
4654 * Fix potential heap buffer overflow in servers that perform client
4656 unless you allow third parties to pick trust CAs for client auth.
4676 * Fix possible client-side NULL pointer dereference (read) when the client
4689 * When a client initiates a reconnect from the same port as a live
4728 * Fix memory corruption on client with overlong PSK identity, around
5000 * Fix bug related to ssl_set_curves(): the client didn't check that the
5031 client certificate) (found using Codenomicon Defensics).
5033 (TLS server is not affected if it doesn't ask for a client certificate)
5036 (TLS server is not affected if it doesn't ask for a client certificate)
5096 * Example programs for SSL client and server now disable SSLv3 by default.
5097 * Example programs for SSL client and server now disable RC4 by default.
5105 (server is not affected if it doesn't ask for a client certificate)
5121 renegotation was pending, and on client when a HelloRequest was received.
5150 It was possible to crash the server (and client) using crafted messages
5175 strongest offered by client.
5351 client certificate.
5352 * ssl_srv was leaking memory when client presented a timed out ticket
5353 containing a client certificate
5383 * Support for adhering to client ciphersuite order preference
5434 * Server does not send out extensions not advertised by client
5531 * Fix potential invalid memory read in the server, that allows a client to
5534 client to crash the server remotely if client authentication is enabled
5554 for a client certificate) (found using Codenomicon Defensics).
5556 (TLS server is not affected if it doesn't ask for a client certificate)
5559 (TLS server is not affected if it doesn't ask for a client certificate)
5562 (TLS server is not affected if it doesn't ask for a client certificate).
5592 (server is not affected if it doesn't ask for a client certificate).
5605 renegotation was pending, and on client when a HelloRequest was received.
5639 It was possible to crash the server (and client) using crafted messages
5728 * Secure renegotiation extension should only be sent in case client
5806 * Correctly handle CertificateRequest message in client for <= TLS 1.1
5820 * Fixed client authentication compatibility
5988 * Fixed potential memory corruption on miscrafted client messages (found by
6151 * Do not bail out if no client certificate specified. Try
6366 * Added support on the client side for the TLS "hostname" extension
6375 serial number, setup correct server port in the ssl client example
6394 message digests, which fixes IE6/IE7 client authentication
6448 * Implemented session resuming and client authentication
6462 generated) and in ssl_parse_client_hello (max. client