Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0

Update the default hash and curve selection for X.509 and TLS

docs/3.0-migration-guide.md

@@ -65,31 +65,6 @@ If you're a library user and used to rely on having access to a structure or
 function that's now in a private header, please reach out on the mailing list
 and explain your need; we'll consider adding a new API in a future version.
 
-Remove the option to allow SHA-1 by default in certificates
------------------------------------------------------------
-
-This does not affect users who use the default `config.h`, as this option was
-already off by default.
-
-If you used to enable `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES` in your
-`config.h`, first please take a moment to consider whether you really still
-want to accept certificates signed with SHA-1 as those are considered insecure
-and no CA has issued them for a while. If you really need to allow SHA-1 in
-certificates, please set up a custom profile as follows:
-
-```
-const mbedtls_x509_crt_profile mbedtls_x509_crt_custom = {
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
-    MBEDTLS_X509_ID_FLAG( /* other hash */ ) /* | etc */,
-    0xFFFFFFF,  /* Or specific PK algs */
-    0xFFFFFFF,  /* Or specific curves */
-    2048        /* Or another RSA min bitlen */
-};
-```
-Then pass it to `mbedtls_x509_crt_verify_with_profile()` if you're verifying
-a certificate chain directly, or to `mbedtls_ssl_conf_cert_profile()` if the
-verification happens during a TLS handshake.
-
 Remove the certs module from the library
 ----------------------------------------