Lines Matching refs:client
6 * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT
50 client and server to extract additional shared symmetric keys from an SSL
180 * implements `psa_can_do_hash()` on the client interface
260 * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
267 * By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now
337 client, if the client-provided certificate does not have appropriate values
342 than TLS client authentication could be able to use it for TLS client
349 * Fix TLS 1.3 client build and runtime when support for session tickets is
397 * Fix TLS connection failure in applications using an Mbed TLS client in
576 malicious client could cause information disclosure or a denial of service.
599 client could put the TLS 1.3-only server in an infinite loop processing
602 - If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client
652 * In TLS 1.3 clients, fix an interoperability problem due to the client
867 be completely zeroized during TLS 1.2 handshake, in both server and client
923 (previously accepted values were limited to "client" or "server").
946 * In TLS 1.3, fix handshake failure when a client in its ClientHello
1111 * Fix a potential heap buffer overread in TLS 1.3 client-side when
1131 calculation on the client side. It prevents a server with more accurate
1134 than the age computed and transmitted by the client and thus potentially
1179 This is a partial fix that allows only "client" and "server" identifiers.
1182 * In the TLS 1.3 server, select the preferred client cipher suite, not the
1358 * Fix an interoperability failure between an Mbed TLS client with both
1392 * Add a configuration check to exclude optional client authentication
1520 * Add support for server HelloRetryRequest message. The TLS 1.3 client is
1523 * Add support for client-side TLS version negotiation. If both TLS 1.2 and
1524 TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
1569 MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled. An unauthenticated client
1577 client or server could cause an MbedTLS server or client to overread up
1584 provided by a client or server certificate for authentication was not
1586 client or server to be able to authenticate itself through a certificate
1587 to an Mbed TLS TLS 1.3 server or client while it does not own a proper
1595 * Fixed swap of client and server random bytes when exporting them alongside
1601 client would fail to check that the curve selected by the server for
1602 ECDHE was indeed one that was offered. As a result, the client would
1654 * Fix a TLS 1.3 handshake failure when the first attempt to send the client
1660 connection identifier, the Mbed TLS client now properly sends the server
2232 * In a TLS client, enforce the Diffie-Hellman minimum parameter size
2456 the PSA code needed by a PSA crypto client when the PSA crypto
2886 DTLS client when parsing the Hello Verify Request message.
3060 from modifying the client/server hello.
3100 the parent process closes the client socket and continue accepting, and
3101 the child process closes the listening socket and handles the client
3260 client programs to fail at the peer's certificate verification
3496 implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3497 including client authentication).
3561 * Close a test gap in (D)TLS between the client side and the server side:
3562 test the handling of large packets and small packets on the client side
3834 * Fix a client-side bug in the validation of the server's ciphersuite choice
3835 which could potentially lead to the client accepting a ciphersuite it didn't
4307 The issue could only happen client-side with renegotiation enabled.
4525 * Fix compatibility issue with Internet Explorer client authentication,
4526 where the limited hash choices prevented the client from sending its
4697 * Fix potential heap buffer overflow in servers that perform client
4699 unless you allow third parties to pick trust CAs for client auth.
4719 * Fix possible client-side NULL pointer dereference (read) when the client
4732 * When a client initiates a reconnect from the same port as a live
4771 * Fix memory corruption on client with overlong PSK identity, around
5043 * Fix bug related to ssl_set_curves(): the client didn't check that the
5074 client certificate) (found using Codenomicon Defensics).
5076 (TLS server is not affected if it doesn't ask for a client certificate)
5079 (TLS server is not affected if it doesn't ask for a client certificate)
5139 * Example programs for SSL client and server now disable SSLv3 by default.
5140 * Example programs for SSL client and server now disable RC4 by default.
5148 (server is not affected if it doesn't ask for a client certificate)
5164 renegotation was pending, and on client when a HelloRequest was received.
5193 It was possible to crash the server (and client) using crafted messages
5218 strongest offered by client.
5394 client certificate.
5395 * ssl_srv was leaking memory when client presented a timed out ticket
5396 containing a client certificate
5426 * Support for adhering to client ciphersuite order preference
5477 * Server does not send out extensions not advertised by client
5574 * Fix potential invalid memory read in the server, that allows a client to
5577 client to crash the server remotely if client authentication is enabled
5597 for a client certificate) (found using Codenomicon Defensics).
5599 (TLS server is not affected if it doesn't ask for a client certificate)
5602 (TLS server is not affected if it doesn't ask for a client certificate)
5605 (TLS server is not affected if it doesn't ask for a client certificate).
5635 (server is not affected if it doesn't ask for a client certificate).
5648 renegotation was pending, and on client when a HelloRequest was received.
5682 It was possible to crash the server (and client) using crafted messages
5771 * Secure renegotiation extension should only be sent in case client
5849 * Correctly handle CertificateRequest message in client for <= TLS 1.1
5863 * Fixed client authentication compatibility
6031 * Fixed potential memory corruption on miscrafted client messages (found by
6194 * Do not bail out if no client certificate specified. Try
6409 * Added support on the client side for the TLS "hostname" extension
6418 serial number, setup correct server port in the ssl client example
6437 message digests, which fixes IE6/IE7 client authentication
6491 * Implemented session resuming and client authentication
6505 generated) and in ssl_parse_client_hello (max. client