From 88c2cc721300700e024c81f2c9deb1cf660b1b4f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Nov 2018 09:56:02 +0000 Subject: [PATCH] Deprecate MBEDTLS_SSL_PROTO_SSL3 --- ChangeLog | 1 + include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config.h | 3 +++ 3 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index b9f592a707..b3bb5f861f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) New deprecations * Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO that enables parsing SSLv2 ClientHello messages. + * Deprecate MBEDTLS_SSL_PROTO_SSL3 that enables support for SSLv3. Bugfix * Allow loading symlinked certificates. Fixes #3005. Reported and fixed diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 489ba55fe7..9372891c55 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -774,6 +774,14 @@ #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will likely be removed in a future version of Mbed TLS" +#elif defined(MBEDTLS_DEPRECATED_REMOVED) +#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will likely be removed in a future version of Mbed TLS" +#endif +#endif /* MBEDTLS_SSL_PROTO_SSL3 */ + #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) #if defined(MBEDTLS_DEPRECATED_WARNING) #warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will likely be removed in a future version of Mbed TLS" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 7ed5902705..6eb37f7ba8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1605,6 +1605,9 @@ * Requires: MBEDTLS_MD5_C * MBEDTLS_SHA1_C * + * \deprecated This option is deprecated and will likely be removed in a + * future version of Mbed TLS. + * * Comment this macro to disable support for SSL 3.0 */ //#define MBEDTLS_SSL_PROTO_SSL3