Drop support for RC4 TLS ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk
parent
a3a9984a5d
commit
5224e29f0e
20 changed files with 11 additions and 1298 deletions
|
|
@ -201,9 +201,6 @@
|
|||
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED 0
|
||||
#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED 1
|
||||
|
||||
#define MBEDTLS_SSL_ARC4_ENABLED 0
|
||||
#define MBEDTLS_SSL_ARC4_DISABLED 1
|
||||
|
||||
#define MBEDTLS_SSL_PRESET_DEFAULT 0
|
||||
#define MBEDTLS_SSL_PRESET_SUITEB 2
|
||||
|
||||
|
|
@ -1140,9 +1137,6 @@ struct mbedtls_ssl_config
|
|||
unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
|
||||
/* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */
|
||||
unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites? */
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
unsigned int mfl_code : 3; /*!< desired fragment length */
|
||||
#endif
|
||||
|
|
@ -3365,25 +3359,6 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
|
|||
void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
|
||||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
#if defined(MBEDTLS_ARC4_C)
|
||||
/**
|
||||
* \brief Disable or enable support for RC4
|
||||
* (Default: MBEDTLS_SSL_ARC4_DISABLED)
|
||||
*
|
||||
* \warning Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
|
||||
* for security reasons. Use at your own risk.
|
||||
*
|
||||
* \note This function is deprecated and will be removed in
|
||||
* a future version of the library.
|
||||
* RC4 is disabled by default at compile time and needs to be
|
||||
* actively enabled for use with legacy systems.
|
||||
*
|
||||
* \param conf SSL configuration
|
||||
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
|
||||
#endif /* MBEDTLS_ARC4_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Whether to send a list of acceptable CAs in
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue