mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-03 10:20:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Reword changelog entry for removal of SHA-1

Browse Source 
from the default TLS configuration.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk 2021-04-14 15:38:46 +02:00
parent a58625f90d
commit bf4c4f9cd5
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog.d/remove_allow_sha1_in_certificates
View File

@ -1,8 +1,7 @@
Removals Removals
* Remove optional SHA-1 in the default TLS configuration for certificate * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
signing. This feature was ment to be available only temporarily. compile-time option, which was off by default. Users should not trust
Users are expected to use SHA-2 instead, since SHA-1 is currently certificates signed with SHA-1 due to the known attacks against SHA-1.
considered a security risk.
If needed, SHA-1 cerificate can still be used by providing custom If needed, SHA-1 cerificate can still be used by providing custom
verification profile to mbedtls_x509_crt_verify_with_profile function verification profile to mbedtls_x509_crt_verify_with_profile function
in x509_crt.h, or mbedtls_ssl_conf_cert_profile function in ssl.h. in x509_crt.h, or mbedtls_ssl_conf_cert_profile function in ssl.h.