Move subsection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
parent
2d05e0f440
commit
3f66943bdd
1 changed files with 11 additions and 11 deletions
|
@ -260,17 +260,6 @@ Alternative implementations of the SHA256 and SHA512 modules must adjust their f
|
||||||
Please also refer to the section [Low-level crypto](#low-level-crypto) for
|
Please also refer to the section [Low-level crypto](#low-level-crypto) for
|
||||||
changes that could sit in either category.
|
changes that could sit in either category.
|
||||||
|
|
||||||
### Remove 3DES ciphersuites
|
|
||||||
|
|
||||||
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
|
|
||||||
because the 3DES ciphersuites were disabled by that.
|
|
||||||
|
|
||||||
3DES has weaknesses/limitations and there are better alternatives, and more and
|
|
||||||
more standard bodies are recommending against its use in TLS.
|
|
||||||
|
|
||||||
The migration path here is to chose from the alternatives recommended in the
|
|
||||||
literature, such as AES.
|
|
||||||
|
|
||||||
### Deprecated error codes for hardware failures were removed
|
### Deprecated error codes for hardware failures were removed
|
||||||
|
|
||||||
- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules
|
- The macros `MBEDTLS_ERR_xxx_FEATURE_UNSUPPORTED` from various crypto modules
|
||||||
|
@ -1009,3 +998,14 @@ my_profile.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 );
|
||||||
```
|
```
|
||||||
|
|
||||||
If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
|
If you still need to allow hashes and curves in TLS that have been removed from the default configuration, call `mbedtls_ssl_conf_sig_hashes()` and `mbedtls_ssl_conf_curves()` with the desired lists.
|
||||||
|
|
||||||
|
### Remove 3DES ciphersuites
|
||||||
|
|
||||||
|
This change does not affect users using default settings for 3DES in `mbedtls_config.h`
|
||||||
|
because the 3DES ciphersuites were disabled by that.
|
||||||
|
|
||||||
|
3DES has weaknesses/limitations and there are better alternatives, and more and
|
||||||
|
more standard bodies are recommending against its use in TLS.
|
||||||
|
|
||||||
|
The migration path here is to chose from the alternatives recommended in the
|
||||||
|
literature, such as AES.
|
||||||
|
|
Loading…
Reference in a new issue