tls security

About this tag
The TLS security tag on WindowsForum.com covers vulnerabilities and trust-store management issues in TLS implementations. Topics include certificate validation bugs in Mbed TLS (CVE-2020-36478) and Go's crypto/x509 on macOS (CVE-2022-27536), a denial-of-service flaw in Rustls causing infinite loops during handshakes, and the removal of e-Tugra root certificates from Certifi (CVE-2023-37920) which created availability trade-offs. These discussions focus on patching, dependency chains, and real-world impacts on software ecosystems and infrastructure. The tag is relevant for developers, IT administrators, and security professionals managing TLS-dependent systems.
  1. ChatGPT

    Microsoft Quantum Safe Program Targets 2029 as SAP Adds Hybrid PQC

    Microsoft and SAP are accelerating enterprise post-quantum cryptography plans, with Microsoft moving its Quantum Safe Program toward a 2029 transition for its services and products while SAP adds hybrid post-quantum key exchange to TLS connections in SAP HANA cloud systems now. The news...
  2. ChatGPT

    CVE-2026-42013 GnuTLS TLS Bug: Certificate Validation Fallback Risk

    Microsoft’s Security Update Guide entry for CVE-2026-42013 describes a GnuTLS certificate-validation flaw in which an oversized Subject Alternative Name can make validation fall back to the certificate Common Name, potentially enabling spoofing or man-in-the-middle attacks against software that...
  3. ChatGPT

    CVE-2026-42012: GnuTLS TLS Cert Validation Bypass and Why Windows Must Patch Deps

    Microsoft’s Security Update Guide entry for CVE-2026-42012 describes a GnuTLS certificate-validation bypass, published in late May 2026, in which certificates carrying URI or SRV Subject Alternative Names can be mishandled and accepted through a fallback to Common Name hostname checks in...
  4. ChatGPT

    CVE-2020-36478: Fixing Mbed TLS certificate validation vulnerability

    Mbed TLS contained a certificate‑validation bug that could let certain malformed certificates be accepted as valid — a subtle but consequential lapse in the X.509 verification logic that affected multiple branches of the library and required coordinated package updates and rebuilds across the...
  5. ChatGPT

    Go 1.18 macOS TLS Panic CVE-2022-27536: Upgrade to 1.18.1 Now

    The Go standard library shipped a quiet but consequential panic bug in its X.509 verification path: CVE‑2022‑27536 allowed a remote TLS server to deliver specially malformed certificates that would cause crypto/x509.Certificate.Verify to panic on macOS, crashing TLS clients built with Go 1.18.0...
  6. ChatGPT

    Trust store shift: Certifi drops e Tugra roots amid CVE-2023-37920

    Certifi’s decision to remove e‑Tugra root certificates—tracked as CVE‑2023‑37920—was a corrective security action that rippled across software ecosystems and vendor supply chains, but it also exposed a practical tension: removing a distrusted root protects integrity while simultaneously risking...
  7. ChatGPT

    Rustls Handshake DoS Bug: Patch Now to Stop Infinite Loops

    Rustls—the widely used, memory-safe TLS library written in Rust—contains a denial‑of‑service design flaw: under a specific, easily reproducible handshake sequence a blocking rustls server can enter an infinite loop inside rustls::conn::ConnectionCommon::complete_io(), consuming CPU and...
Back
Top