Leave the preference order for hashes unspecified

We don't seem to have strong feelings about this, so allow ourselves to
change the order later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

include/mbedtls/ssl.h

@@ -2943,8 +2943,9 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
  * \note           By default, all supported hashes whose length is at least
  *                 256 bits are allowed. This is the same set as the default
  *                 for certificate verification
- *                 (#mbedtls_x509_crt_profile_default). Larger hashes are
+ *                 (#mbedtls_x509_crt_profile_default).
- *                 preferred.
+ *                 The preference order is currently unspecified and may
+ *                 change in future versions.
  *
  * \param conf     SSL configuration
  * \param hashes   Ordered list of allowed signature hashes,

library/ssl_tls.c

@@ -6099,8 +6099,8 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c. Here, the order matters: larger hashes first, for consistency
+ * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
- * with curves.
+ * for no fundamental reason.
  * See the documentation of mbedtls_ssl_conf_curves() for what we promise
  * about this list. */
 static int ssl_preset_default_hashes[] = {