Disable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in default config.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Mateusz Starzyk 2021-08-27 15:36:47 +02:00
parent b3d344c225
commit 7d13539d1b
2 changed files with 5 additions and 1 deletions


@ -4,3 +4,7 @@ Removals
signing. It was intended to facilitate the transition in environments signing. It was intended to facilitate the transition in environments
with SHA-1 certificates. SHA-1 is considered a weak message digest and with SHA-1 certificates. SHA-1 is considered a weak message digest and
its use constitutes a security risk. its use constitutes a security risk.
Changes
* Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be
disabled by default.
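Review bot: the new Changes entry says MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE is disabled by default but not what that means for someone upgrading. This is a change in default behaviour: builds that take the default config no longer allow SHA-1 in the TLS key exchange unless they opt back in. Suggest adding one sentence on the effect and on how to restore the previous behaviour (define the macro in the configuration), and repeating the discouragement the Removals entry above already gives: "SHA-1 is considered a weak message digest and its use constitutes a security risk."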


@ -3912,7 +3912,7 @@
* on it, and considering stronger message digests instead. * on it, and considering stronger message digests instead.
* *
*/ */
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE //#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
/** /**
* Uncomment the macro to let mbed TLS use your alternate implementation of * Uncomment the macro to let mbed TLS use your alternate implementation of
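Review bot: the define is commented out, but the documentation block above it is left untouched (its visible tail still ends "on it, and considering stronger message digests instead."). With the option now off by default, that block should say so and tell the reader how to turn it on, in the style of the next block's "Uncomment the macro to let mbed TLS use your alternate implementation of". Only two files change in this commit, so it is also worth confirming that any test or sample configuration that relied on the old default now enables the macro explicitly.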