mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 00:45:39 +00:00
Fix wording of ChangeLog and 3DES_REMOVE docs
This commit is contained in:
parent
5d8aade01d
commit
6882ec1521
|
@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||
|
||||
Features
|
||||
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
|
||||
from the default list (inactive by default).
|
||||
from the default list (enabled by default). See
|
||||
https://sweet32.info/SWEET32_CCS16.pdf.
|
||||
|
||||
Bugfix
|
||||
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
|
||||
|
|
|
@ -695,6 +695,13 @@
|
|||
* to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
|
||||
* them explicitly.
|
||||
*
|
||||
* A man-in-the browser attacker can recover authentication tokens sent through
|
||||
* a TLS connection using a 3DES based cipher suite (see "On the Practical
|
||||
* (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
|
||||
* Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
|
||||
* in your threat model or you are unsure, then you should keep this option
|
||||
* enabled to remove 3DES based cipher suites.
|
||||
*
|
||||
* Comment this macro to keep 3DES in the default ciphersuite list.
|
||||
*/
|
||||
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
|
||||
|
|
Loading…
Reference in a new issue