wolfSSL
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*
A vulnerability in wolfSSL's TLS 1.3 client HelloRetryRequest handshake logic could compromise the confidentiality of TLS-protected communications. The issue arises from a missing cryptographic step: when a crafted HelloRetryRequest is followed by a ServerHello message that omits the required key_share extension, predictable traffic secrets are derived from the (EC)DHE shared secret. The vulnerability does not affect the client's authentication of the server during TLS handshakes.
Exploitation of this vulnerability could lead to the derivation of predictable traffic secrets, allowing for a compromise of the confidentiality of TLS-protected communications.
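A client-side check for the condition described above, as an added example (not wolfSSL's code or its fix): it walks the ServerHello extensions and refuses to continue when key_share is absent, and it goes one step beyond the description by also enforcing the RFC 8446 rule that the ServerHello group must match the group selected in the HelloRetryRequest. It assumes the client requires (EC)DHE key establishment (no PSK-only mode); the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_KEY_SHARE 0x0033 /* key_share extension type (RFC 8446) */
enum ks_result { KS_OK = 0, KS_MALFORMED = -1, KS_MISSING = -2, KS_GROUP_MISMATCH = -3 };

/* Constructed samples: supported_versions only; same plus key_share (x25519, 4-byte dummy key). */
static const uint8_t SH_NO_KS[] = { 0x00,0x2b,0x00,0x02,0x03,0x04 };
static const uint8_t SH_WITH_KS[] = { 0x00,0x2b,0x00,0x02,0x03,0x04,
    0x00,0x33,0x00,0x08, 0x00,0x1d, 0x00,0x04, 0xaa,0xbb,0xcc,0xdd };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* ext/len: body of the ServerHello extensions block (after its 2-byte total length).
 * hrr_group: NamedGroup selected by the HelloRetryRequest, or 0 if none was received.
 * Assumption: the caller requires (EC)DHE, so a missing key_share is always fatal. */
enum ks_result check_sh_key_share(const uint8_t *ext, size_t len, uint16_t hrr_group)
{
    int found = 0;
    uint16_t sh_group = 0;
    size_t off = 0;

    while (off < len) {
        if (len - off < 4) return KS_MALFORMED;        /* truncated header */
        uint16_t type = rd16(ext + off);
        size_t elen = rd16(ext + off + 2);
        off += 4;
        if (elen > len - off) return KS_MALFORMED;     /* body overruns block */
        if (type == EXT_KEY_SHARE) {
            /* ServerHello form: one KeyShareEntry = group(2) | key_len(2) | key(1..) */
            if (found || elen < 5 || (size_t)rd16(ext + off + 2) != elen - 4)
                return KS_MALFORMED;
            sh_group = rd16(ext + off);
            found = 1;
        }
        off += elen;
    }
    if (!found) return KS_MISSING;                     /* abort before key derivation */
    if (hrr_group != 0 && sh_group != hrr_group) return KS_GROUP_MISMATCH;
    return KS_OK;
}

int main(void)
{
    printf("HRR then no key_share: %d\n", check_sh_key_share(SH_NO_KS, sizeof SH_NO_KS, 0x001d));
    printf("HRR then key_share:    %d\n", check_sh_key_share(SH_WITH_KS, sizeof SH_WITH_KS, 0x001d));
    return 0;
}
```
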