Bug 2449222 (CVE-2026-3230)

Summary:	CVE-2026-3230 wolfssl: wolfSSL: Confidentiality compromise via missing cryptographic step in TLS 1.3 HelloRetryRequest handshake
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	Keywords:	Security
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	A flaw was found in wolfSSL. A remote attacker could exploit a missing cryptographic step in the Transport Layer Security (TLS) 1.3 client HelloRetryRequest handshake logic. By sending a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, an attacker could cause the derivation of predictable traffic secrets from the (Elliptic Curve) Diffie-Hellman Ephemeral ((EC)DHE) shared secret. This could lead to a compromise in the confidentiality of TLS-protected communications.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-03-19 22:02:16 UTC

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key_share extension, resulting in derivation of predictable traffic secrets from (EC)DHE shared secret. This issue does not affect the client's authentication of the server during TLS handshakes.