Drop single-DES ciphersuites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
parent
5224e29f0e
commit
7e37338dda
5 changed files with 1 additions and 38 deletions
|
@ -4,3 +4,4 @@ API changes
|
|||
* Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
|
||||
* Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
|
||||
* Drop support for RC4 TLS ciphersuites.
|
||||
* Drop single-DES ciphersuites.
|
||||
|
|
|
@ -661,10 +661,6 @@
|
|||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* channels with virtually no security at all!
|
||||
*
|
||||
* This enables the following ciphersuites:
|
||||
* MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
*
|
||||
* Uncomment this macro to enable weak ciphersuites
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
|
|
|
@ -702,10 +702,6 @@
|
|||
* Warning: Only do so when you know what you are doing. This allows for
|
||||
* channels with virtually no security at all!
|
||||
*
|
||||
* This enables the following ciphersuites:
|
||||
* MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
|
||||
*
|
||||
* Uncomment this macro to enable weak ciphersuites
|
||||
*
|
||||
* \warning DES is considered a weak cipher and its use constitutes a
|
||||
|
|
|
@ -42,11 +42,8 @@ extern "C" {
|
|||
#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01 /**< Weak! */
|
||||
#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02 /**< Weak! */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA 0x09 /**< Weak! Not in TLS 1.2 */
|
||||
|
||||
#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA 0x0A
|
||||
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA 0x15 /**< Weak! Not in TLS 1.2 */
|
||||
#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 0x16
|
||||
|
||||
#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C /**< Weak! */
|
||||
|
|
|
@ -266,10 +266,6 @@ static const int ciphersuite_preference[] =
|
|||
MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
|
||||
/* Weak suites */
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
|
||||
|
||||
/* NULL suites */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
|
@ -1671,29 +1667,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
|
||||
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
|
||||
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
{ MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
|
||||
MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
|
||||
MBEDTLS_CIPHERSUITE_WEAK },
|
||||
#endif /* MBEDTLS_SHA1_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#endif /* MBEDTLS_DES_C */
|
||||
#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
|
||||
|
||||
#if defined(MBEDTLS_ARIA_C)
|
||||
|
|
Loading…
Reference in a new issue