From 6882ec15211163ba657a22436aa3eef222547e22 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia <andres.amayagarcia@arm.com>
Date: Mon, 26 Nov 2018 20:57:49 +0000
Subject: [PATCH] Fix wording of ChangeLog and 3DES_REMOVE docs

---
 ChangeLog                | 3 ++-
 include/mbedtls/config.h | 7 +++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 3b1ab53dc..4e037741d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 Features
    * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
-     from the default list (inactive by default).
+     from the default list (enabled by default). See
+     https://sweet32.info/SWEET32_CCS16.pdf.
 
 Bugfix
    * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0505e8993..4d337bff9 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -695,6 +695,13 @@
  * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
  * them explicitly.
  *
+ * A man-in-the browser attacker can recover authentication tokens sent through
+ * a TLS connection using a 3DES based cipher suite (see "On the Practical
+ * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
+ * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
+ * in your threat model or you are unsure, then you should keep this option
+ * enabled to remove 3DES based cipher suites.
+ *
  * Comment this macro to keep 3DES in the default ciphersuite list.
  */
 #define MBEDTLS_REMOVE_3DES_CIPHERSUITES