mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-04-17 11:43:37 +00:00
16 lines
756 B
Plaintext
16 lines
756 B
Plaintext
Removals
|
|
* Remove optional SHA-1 in the default TLS configuration for certificate
|
|
signing. This feature was ment to be available only temporarily.
|
|
Users are expected to use SHA-2 instead, since SHA-1 is currently
|
|
considered a security risk.
|
|
If needed, SHA-1 cerificate can still be used by providing custom
|
|
verification profile to mbedtls_x509_crt_verify_with_profile function
|
|
in x509_crt.h, or mbedtls_ssl_conf_cert_profile function in ssl.h.
|
|
Example of custom verification profile, supporting SHA-1:
|
|
const mbedtls_x509_crt_profile mbedtls_x509_crt_custom = {
|
|
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ),
|
|
0xFFFFFFF, /* Any PK alg */
|
|
0xFFFFFFF, /* Any curve */
|
|
2048
|
|
};
|