CVE-2026-1677

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via mbedtls ssl conf min tls version). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed IPPROTO TLS 1 3 enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the TLS CIPHERSUITE LIST socket option can be restricted to TLS 1.3-only cipher suites.