TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-09 03:04:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in default config.

Browse Source 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk
2021-08-27 15:36:47 +02:00
parent b3d344c225
commit 7d13539d1b
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/remove_default_alllow_sha1.txt
View File

@@ -4,3 +4,7 @@ Removals
signing. It was intended to facilitate the transition in environments
with SHA-1 certificates. SHA-1 is considered a weak message digest and
its use constitutes a security risk.
Changes
* Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be
disabled by default.

2
include/mbedtls/config.h
View File

@@ -3912,7 +3912,7 @@
* on it, and considering stronger message digests instead.
*
*/
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
/**
* Uncomment the macro to let mbed TLS use your alternate implementation of