Disable RC4 by default in the library

2015-03-20 19:13:22 +00:00 · 2015-03-20 19:13:22 +00:00 · 849b174e57
commit 849b174e57
parent 391af97a71
3 changed files with 6 additions and 3 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -1784,10 +1784,10 @@ void ssl_set_extended_master_secret( ssl_context *ssl, char ems );

 /**
 * \brief          Disable or enable support for RC4
- *                 (Default: SSL_ARC4_ENABLED)
+ *                 (Default: SSL_ARC4_DISABLED)
 *
- * \note           Though the default is RC4 for compatibility reasons in the
- *                 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
+ * \warning        Use of RC4 in (D)TLS has been prohibited by RFC ????
+ *                 for security reasons. Use at your own risks.
 *
 * \note           This function will likely be removed in future versions as
 *                 RC4 will then be disabled by default at compile time.