mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-04-13 07:31:37 +02:00
ae270bf386
Upgrade the default list of hashes and curves allowed for TLS. The list is now aligned with X.509 certificate verification: hashes and curves with at least 255 bits (Curve25519 included), and RSA 2048 and above. Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE which would no longer do anything. Document more precisely what is allowed by default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>