We take all security reports seriously. When we receive such reports, we will investigate and subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential security issue in this project, please notify AWS/Amazon Security via our vulnerability reporting page or directly via email to AWS Security. Please do not create a public GitHub issue in this project.
Security: aws/s2n-tls
Security
SECURITY.md
-
s2n-tls could negotiate signature algorithms not allowed by policyGHSA-97r4-p6c4-5gv3 published
Oct 5, 2023 by dougchLow -
Issue with parsing Certificate Common Name (CN) in s2n-tlsGHSA-h5p4-28rh-q272 published
Feb 14, 2023 by camshaftLow -
Server denial-of-service by using sslv2 message format in a HelloRetryRequest handshakeGHSA-mm47-wjfh-4hf5 published
Sep 27, 2022 by camshaftLow -
Issue with configuring session ticket names in s2n-tlsGHSA-m74w-59v6-c5r8 published
Sep 27, 2022 by camshaftModerate -
Allocated memory not freed when session ticket is usedGHSA-q4mv-c662-pgwg published
Dec 14, 2020 by zaherdLow -
Predictable IV in CBC-mode composite cipher suitesGHSA-7gxc-93xj-596h published
Oct 12, 2020 by agray256Low -
Online Certificate Stapling Protocol (OCSP) Revocation check bypassGHSA-7v2g-v7wj-26jg published
Oct 12, 2020 by agray256Low -
Server denial-of-service via crafted handshake messageGHSA-j875-5qwx-w645 published
Oct 12, 2020 by agray256Low
Learn more about advisories related to aws/s2n-tls in the GitHub Advisory Database