Leave the preference order for hashes unspecified

We don't seem to have strong feelings about this, so allow ourselves to change the order later. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-29 03:32:39 +00:00 · 2021-06-02 15:29:38 +02:00 · 2021-06-02 15:29:38 +02:00 · a28f0f5082
commit a28f0f5082
parent b1940a76ad
2 changed files with 5 additions and 4 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -2943,8 +2943,9 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
 * \note           By default, all supported hashes whose length is at least
 *                 256 bits are allowed. This is the same set as the default
 *                 for certificate verification
- *                 (#mbedtls_x509_crt_profile_default). Larger hashes are
- *                 preferred.
+ *                 (#mbedtls_x509_crt_profile_default).
+ *                 The preference order is currently unspecified and may
+ *                 change in future versions.
 *
 * \param conf     SSL configuration
 * \param hashes   Ordered list of allowed signature hashes,
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -6099,8 +6099,8 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )

 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c. Here, the order matters: larger hashes first, for consistency
- * with curves.
+ * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
+ * for no fundamental reason.
 * See the documentation of mbedtls_ssl_conf_curves() for what we promise
 * about this list. */
 static int ssl_preset_default_hashes[] = {