github Mbed-TLS/mbedtls mbedtls-2.28.10
Mbed TLS 2.28.10

latest release: mbedtls-3.6.3
6 days ago

Description

This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues.

Mbed TLS 2.28.10 is the last release of the 2.28 LTS and won't receive bug fixes or security fixes anymore.
Users are advised to upgrade to a maintained version.

Security Advisories

For full details, please see the following links:

Release Notes

Default behavior changes

  • In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
    mbedtls_ssl_handshake() now fails with
    MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
    if certificate-based authentication of the server is attempted.
    This is because authenticating a server without knowing what name
    to expect is usually insecure. To restore the old behavior, either
    call mbedtls_ssl_set_hostname() with NULL as the hostname, or
    enable the new compile-time option
    MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
    The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
    has changed, see the documentation of the hostname field in the
    mbedtls_ssl_context struct type for details.

Security

  • Note that TLS clients should generally call mbedtls_ssl_set_hostname()
    if they use certificate authentication (i.e. not pre-shared keys).
    Otherwise, in many scenarios, the server could be impersonated.
    The library will now prevent the handshake and return
    MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
    if mbedtls_ssl_set_hostname() has not been called.
    CVE-2025-27809
  • Zeroize temporary heap buffers used in PSA operations.
  • Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
    or there was a cryptographic hardware failure when calculating the
    Finished message, it could be calculated incorrectly. This would break
    the security guarantees of the TLS handshake.
    CVE-2025-27810

Bugfix

  • Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
    and 'mbedtls_net_connect' to prevent possible double close fd
    problems. Fixes #9711.
  • Fix compilation on MS-DOS DJGPP. Fixes #9813.
  • Fix missing constraints on the AES-NI inline assembly which is used on
    GCC-like compilers when building AES for generic x86_64 targets. This
    may have resulted in incorrect code with some compilers, depending on
    optimizations. Fixes #9819.
  • Fix issue where psa_key_derivation_input_integer() is not detecting
    bad state after an operation has been aborted.
  • Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
    occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
    with Visual Studio 2013 or MinGW.
    Fixes #10017.
  • Remove Everest Visual Studio 2010 compatibility headers, which could
    shadow standard CRT headers inttypes.h and stdbool.h with incomplete
    implementations if placed on the include path, e.g. when building Mbed TLS
    with the .sln file shipped with the project.
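
Why the first Bugfix item matters, as an added example that is not Mbed TLS code: a minimal POSIX model of an error path that closes a descriptor with raw close() versus one that uses a close wrapper which also resets the stored descriptor to -1. The names net_ctx, net_close, fail_with_raw_close, fail_with_net_close and unrelated_fd_survives are hypothetical, and /dev/null stands in for a socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a network context: it only stores the descriptor. */
typedef struct { int fd; } net_ctx;

/* Idempotent close: once closed, the context forgets the descriptor number. */
void net_close(net_ctx *ctx)
{
    if (ctx->fd == -1) return;
    close(ctx->fd);
    ctx->fd = -1;
}

/* Error path with a raw close(): ctx->fd keeps the stale number. */
void fail_with_raw_close(net_ctx *ctx) { close(ctx->fd); }

/* Error path with the wrapper: ctx->fd is reset to -1. */
void fail_with_net_close(net_ctx *ctx) { net_close(ctx); }

/* Returns 1 if an unrelated descriptor survives the caller's cleanup,
 * 0 if the cleanup closed it, -1 if the setup itself failed. */
int unrelated_fd_survives(void (*error_path)(net_ctx *))
{
    net_ctx ctx = { open("/dev/null", O_RDONLY) };  /* stands in for a socket */
    if (ctx.fd < 0) return -1;
    error_path(&ctx);  /* connect or bind failed inside the library */

    /* Other code opens a file. POSIX returns the lowest free number,
     * which is the one that was just closed. */
    int other = open("/dev/null", O_RDONLY);
    if (other < 0) return -1;

    net_close(&ctx);  /* caller's routine cleanup after the failure */

    int alive = fcntl(other, F_GETFD) != -1;
    if (alive) close(other);
    return alive;
}

int main(void)
{
    printf("raw close(): %d, close wrapper: %d\n",
           unrelated_fd_survives(fail_with_raw_close),
           unrelated_fd_survives(fail_with_net_close));
    return 0;
}
```

With the raw close() the caller's cleanup closes a descriptor that now belongs to unrelated code; with the wrapper the second close is a no-op.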

Who should update

We recommend that all users update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Note

mbedtls-2.28.10.tar.bz2 is our official release file. source.tar.gz and source.zip are snapshots automatically generated by GitHub. They do not include external dependencies, and can't be configured.

Checksum

The SHA256 hashes for the archives are:
19e5b81fdac0fe22009b9e2bdcd52d7dcafbf62bc67fc59cf0a76b5b5540d149 mbedtls-2.28.10.tar.bz2
