We take all security reports seriously. When we receive such reports, we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our vulnerability reporting page or directly via email to AWS Security. Please do not create a public GitHub issue in this project.
Security: aws/s2n-tls
Security
SECURITY.md
- mTLS API ordering may skip client authentication (GHSA-857q-xmph-p2v5), published Aug 9, 2024 by lrstewart. Severity: Moderate
- Potential weak encryption of session ticket (GHSA-p7fh-jw2q-8j43), published Jul 19, 2024 by maddeleine. Severity: High
- Potentially observable differences in RSA premaster secret handling (GHSA-52xf-5p2m-9wrv), published Jun 5, 2024 by dougch. Severity: Low
- s2n-tls could negotiate signature algorithms not allowed by policy (GHSA-97r4-p6c4-5gv3), published Oct 5, 2023 by dougch. Severity: Low
- Issue with parsing Certificate Common Name (CN) in s2n-tls (GHSA-h5p4-28rh-q272), published Feb 14, 2023 by camshaft. Severity: Low
- Server denial-of-service by using sslv2 message format in a HelloRetryRequest handshake (GHSA-mm47-wjfh-4hf5), published Sep 27, 2022 by camshaft. Severity: Low
- Issue with configuring session ticket names in s2n-tls (GHSA-m74w-59v6-c5r8), published Sep 27, 2022 by camshaft. Severity: Moderate
- Allocated memory not freed when session ticket is used (GHSA-q4mv-c662-pgwg), published Dec 14, 2020 by zaherd. Severity: Low
- Predictable IV in CBC-mode composite cipher suites (GHSA-7gxc-93xj-596h), published Oct 12, 2020 by agray256. Severity: Low
- Online Certificate Stapling Protocol (OCSP) Revocation check bypass (GHSA-7v2g-v7wj-26jg), published Oct 12, 2020 by agray256. Severity: Low
Learn more about advisories related to aws/s2n-tls in the GitHub Advisory Database