Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for certificate signing, and as the signature hash algorithm for the TLS 1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the XXX_SHA ciphersuites and in the PRF for TLS <= 1.1. For easy backward compatibility for use in controlled environments, turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compile-time option.
parent
23b33f8663
commit
5e79cb3662
4 changed files with 25 additions and 4 deletions
|
@ -2251,7 +2251,8 @@
|
|||
* library/ssl_tls.c
|
||||
* library/x509write_crt.c
|
||||
*
|
||||
* This module is required for SSL/TLS and SHA1-signed certificates.
|
||||
* This module is required for SSL/TLS up to version 1.1, for TLS 1.2
|
||||
* depending on the handshake parameters, and for SHA1-signed certificates.
|
||||
*/
|
||||
#define MBEDTLS_SHA1_C
|
||||
|
||||
|
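Review bot: The reworded module description says SHA-1 is required "for TLS 1.2 depending on the handshake parameters", which does not tell a reader who is deciding whether to disable MBEDTLS_SHA1_C which parameters are meant. The commit message is specific here (HMAC-SHA-1 in the XXX_SHA ciphersuites, and SHA-1 as the TLS 1.2 handshake signature hash); naming those cases in the comment would make it actionable.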
@ -2636,6 +2637,15 @@
|
|||
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
|
||||
|
||||
/**
|
||||
* Allow SHA-1 in the default TLS configuration for certificate signing and
|
||||
* TLS 1.2 handshake signature. Without this build-time option, SHA-1
|
||||
* support must be activated explicitly through mbedtls_ssl_conf_cert_profile
|
||||
* and mbedtls_ssl_conf_sig_hashes. The use of SHA-1 in TLS <= 1.1 and in
|
||||
* HMAC-SHA-1 for XXX_SHA ciphersuites is always allowed by default.
|
||||
*/
|
||||
// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1
|
||||
|
||||
/* \} name SECTION: Customisation configuration options */
|
||||
|
||||
/* Target and application specific configurations */
|
||||
|
|
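Review bot: The documentation block for MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 says what the option allows but not why it is off by default. The commit message calls SHA-1 unsafe for certificate signing and for the TLS 1.2 handshake signature and limits the option to controlled environments; a warning to that effect belongs in this comment, since this is where integrators will read about the option. Minor style point: the new line is written "// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1" with a space after the slashes, while the neighbouring commented-out options in the same hunk use "//#define".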