mbedtls/docs/3.0-migration-guide.d/remove-enable-weak-ciphersuites.md

Remove the configuration to enable weak ciphersuites in SSL / TLS
-----------------------------------------------------------------

This does not affect users who use the default `mbedtls_config.h`, as this option was
already off by default.

If you were using a weak cipher, please switch to any of the modern,
recommended ciphersuites (based on AES-GCM, AES-CCM or ChachaPoly for example)
and if your peer doesn't support any, encourage them to upgrade their software.

If you were using a ciphersuite without encryption, you just have to
enable MBEDTLS_CIPHER_NULL_CIPHER now.
Add change log and migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com> 2021-04-30 16:42:35 +02:00			`Remove the configuration to enable weak ciphersuites in SSL / TLS`
			`-----------------------------------------------------------------`

Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com> 2021-05-28 09:42:25 +02:00			This does not affect users who use the default `mbedtls_config.h`, as this option was
Add change log and migration guide Signed-off-by: Ronald Cron <ronald.cron@arm.com> 2021-04-30 16:42:35 +02:00			`already off by default.`

			`If you were using a weak cipher, please switch to any of the modern,`
			`recommended ciphersuites (based on AES-GCM, AES-CCM or ChachaPoly for example)`
			`and if your peer doesn't support any, encourage them to upgrade their software.`

			`If you were using a ciphersuite without encryption, you just have to`
			`enable MBEDTLS_CIPHER_NULL_CIPHER now.`