Move subsection

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Dave Rodgman 2021-06-30 18:43:49 +01:00
parent 2d05e0f440
commit 3f66943bdd


@ -260,17 +260,6 @@ Alternative implementations of the SHA256 and SHA512 modules must adjust their f
Please also refer to the section [Low-level crypto](#low-level-crypto) for Please also refer to the section [Low-level crypto](#low-level-crypto) for
changes that could sit in either category. changes that could sit in either category.
### Remove 3DES ciphersuites
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
because the 3DES ciphersuites were disabled by that.
3DES has weaknesses/limitations and there are better alternatives, and more and
more standard bodies are recommending against its use in TLS.
The migration path here is to chose from the alternatives recommended in the
literature, such as AES.
### Deprecated error codes for hardware failures were removed ### Deprecated error codes for hardware failures were removed
- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules - The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules
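Review bot: The commit subject "Move subsection" does not say which subsection is moved or why. In this hunk the `### Remove 3DES ciphersuites` block is dropped from between the Low-level crypto pointer and the "Deprecated error codes for hardware failures were removed" entry with no trace of the reason. Please name the subsection and its destination in the commit message so the log can be searched for it. The heading text is unchanged, so the `#remove-3des-ciphersuites` anchor should stay the same, but it is worth confirming that nothing in the document refers to this entry by its old position.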
@ -1009,3 +998,14 @@ my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
``` ```
If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists. If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
### Remove 3DES ciphersuites
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
because the 3DES ciphersuites were disabled by that.
3DES has weaknesses/limitations and there are better alternatives, and more and
more standard bodies are recommending against its use in TLS.
The migration path here is to chose from the alternatives recommended in the
literature, such as AES.
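Review bot: The re-added text carries over wording problems that are cheap to fix while the lines are being touched. In the last paragraph "is to chose from" should be "is to choose from", "standard bodies" should be "standards bodies", and "were disabled by that" would read better as "are disabled by default". The migration advice "such as AES" names a cipher in a section about ciphersuites. Consider saying "AES-based ciphersuites" so readers know what to enable instead. If the intent is a pure move with no content change, a follow-up commit for these is fine.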