From b7c22ecc746c4871a57e6b7ed17f97df0eca8140 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 11 Feb 2019 21:47:30 +0000 Subject: [PATCH] Fix documentation for 3DES removal --- include/mbedtls/config.h | 2 +- tests/compat.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5b176caa6..f3039f937 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -565,7 +565,7 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * - * A man-in-the browser attacker can recover authentication tokens sent through + * A man-in-the-browser attacker can recover authentication tokens sent through * a TLS connection using a 3DES based cipher suite (see "On the Practical * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaƫtan * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls diff --git a/tests/compat.sh b/tests/compat.sh index eefebd078..4db414de1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -57,6 +57,7 @@ FILTER="" # - NULL: excluded from our default config # - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) +# - 3DES: not in default config EXCLUDE='NULL\|DES-CBC-\|RC4\|3DES\|ARCFOUR' VERBOSE="" MEMCHECK=0