Move subsection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
2d05e0f440
commit
3f66943bdd
1 changed files with 11 additions and 11 deletions
|
@ -260,17 +260,6 @@ Alternative implementations of the SHA256 and SHA512 modules must adjust their f
|
|||
Please also refer to the section [Low-level crypto](#low-level-crypto) for
|
||||
changes that could sit in either category.
|
||||
|
||||
### Remove 3DES ciphersuites
|
||||
|
||||
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
|
||||
because the 3DES ciphersuites were disabled by that.
|
||||
|
||||
3DES has weaknesses/limitations and there are better alternatives, and more and
|
||||
more standard bodies are recommending against its use in TLS.
|
||||
|
||||
The migration path here is to chose from the alternatives recommended in the
|
||||
literature, such as AES.
|
||||
|
||||
### Deprecated error codes for hardware failures were removed
|
||||
|
||||
- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules
|
||||
|
@ -1009,3 +998,14 @@ my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
|
|||
```
|
||||
|
||||
If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
|
||||
|
||||
### Remove 3DES ciphersuites
|
||||
|
||||
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
|
||||
because the 3DES ciphersuites were disabled by that.
|
||||
|
||||
3DES has weaknesses/limitations and there are better alternatives, and more and
|
||||
more standard bodies are recommending against its use in TLS.
|
||||
|
||||
The migration path here is to chose from the alternatives recommended in the
|
||||
literature, such as AES.
|
||||
|
|
Loading…
Reference in a new issue