SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks.
This commit is contained in:
Gilles Peskine
Manuel Pégourié-Gonnard
parent
682df09159
commit
5d2511c4d4
7 changed files with 32 additions and 17 deletions
|
|
@ -7162,7 +7162,7 @@ static int ssl_preset_default_hashes[] = {
|
|||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_SHA224,
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
|
||||
MBEDTLS_MD_SHA1,
|
||||
#endif
|
||||
MBEDTLS_MD_NONE
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||
*/
|
||||
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
|
||||
{
|
||||
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
|
||||
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
|
||||
/* Allow SHA-1 (weak, but still safe in controlled environments) */
|
||||
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue