2021-08-20 17:10:10
eclipse
PUBLISHED
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server sides signature on the client side, if that signature is not included in the servers ServerKeyExchange.