]> git.ipfire.org Git - thirdparty/openwrt.git/commit
projects / thirdparty / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a696935) | patch
mbedtls: backport upstream patches to fix TLS 1.2 client issues 23066/head
authorMagnus Kroken <mkroken@gmail.com>
Thu, 23 Apr 2026 18:12:51 +0000 (20:12 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Mon, 4 May 2026 22:27:58 +0000 (00:27 +0200)
commite65001e3e7ce8509ab937f339d92409668c4af9c
tree8758bbd5d2da386d7f8b5c7d0b70d6e0d7d225betree | snapshot
parenta6969351a7bf2e38deff37480c172230e61177f2commit | diff
mbedtls: backport upstream patches to fix TLS 1.2 client issues

Fix a TLS 1.2 regression that caused clients to reject valid
ServerKeyExchange signatures using RSA-PSS signature algorithms.

The TLS 1.2 regression resulted in errors like:
$ curl https://api.domeneshop.no/v0/
curl: (35) ssl_handshake returned: (-0x6600) SSL - A field in a message was incorrect or inconsistent with other fields

Fixes: https://github.com/openwrt/openwrt/issues/22874
Fixes: https://github.com/openwrt/openwrt/issues/23116
Fixes: f48ef0040b7e ("mbedtls: update to 3.6.6")
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23066
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/libs/mbedtls/Makefile diff | blob | blame | history
package/libs/mbedtls/patches/001-ssl-accept-TLS-1.2-rsa_pss_rsae-signature-schemes.patch [new file with mode: 0644] blob
package/libs/mbedtls/patches/002-ssl-narrow-TLS-1.2-RSA-PSS-handling-and-add-interop-.patch [new file with mode: 0644] blob
Mirror of https://github.com/openwrt/openwrt.git