Change wording of warnings
This commit is contained in:
parent
f240ea0b50
commit
f9734b35b5
2 changed files with 25 additions and 27 deletions
|
@ -619,11 +619,11 @@
|
|||
* MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
|
||||
*
|
||||
* \warning The possibility for the use of custom groups
|
||||
* in the use of DHM in TLS constitutes a security
|
||||
* risk. If possible, it is recommended to use
|
||||
* EC-based key exchanges instead. See the documentation
|
||||
* at the top of dhm.h for more information.
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
|
||||
|
@ -725,11 +725,11 @@
|
|||
* MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
||||
* MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
*
|
||||
* \warning The possibility for the use of custom groups
|
||||
* in the use of DHM in TLS constitutes a security
|
||||
* risk. If possible, it is recommended to use
|
||||
* EC-based key exchanges instead. See the documentation
|
||||
* at the top of dhm.h for more information.
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
|
@ -1850,11 +1850,11 @@
|
|||
* This module is used by the following key exchanges:
|
||||
* DHE-RSA, DHE-PSK
|
||||
*
|
||||
* \warning The possibility for the use of custom groups
|
||||
* in the use of DHM in TLS constitutes a security
|
||||
* risk. If possible, it is recommended to use
|
||||
* EC-based key exchanges instead. See the documentation
|
||||
* at the top of dhm.h for more information.
|
||||
* \warning Using DHE constitutes a security risk as it
|
||||
* is not possible to validate custom DH parameters.
|
||||
* If possible, it is recommended users should consider
|
||||
* preferring other methods of key exchange.
|
||||
* See dhm.h for more details.
|
||||
*
|
||||
*/
|
||||
#define MBEDTLS_DHM_C
|
||||
|
|
|
@ -25,22 +25,20 @@
|
|||
* of non-safe primes both decreases the difficulty of the underlying
|
||||
* discrete logarithm problem and can lead to small subgroup attacks
|
||||
* leaking private exponent bits when invalid public keys are used
|
||||
* and not detected. This is especially relevant if the same DHM parameters
|
||||
* are reused for multiple key exchanges as in static DHM, while the
|
||||
* criticality of small-subgroup attacks is lower for ephemeral DHM.
|
||||
* and not detected. This is especially relevant if the same DHM
|
||||
* parameters are reused for multiple key exchanges as in static DHM,
|
||||
* while the criticality of small-subgroup attacks is lower for
|
||||
* ephemeral DHM.
|
||||
*
|
||||
* For performance reasons, the code does neither perform primality
|
||||
* nor safe primality tests, nor the expensive checks for invalid
|
||||
* subgroups.
|
||||
* subgroups. Moreover, even if these were performed, non-standardized
|
||||
* primes cannot be trusted because of the possibility of backdoors
|
||||
* that can't be effectively checked for.
|
||||
*
|
||||
* The possibility for the use of custom, non-safe primes in DHM
|
||||
* is a deficiency in the TLS protocol that has been adressed only
|
||||
* recently through the addition of the named group extension from
|
||||
* RFC 7919, which however is not yet implemented in Mbed TLS.
|
||||
*
|
||||
* If possible, we recommend to use elliptic curve based key
|
||||
* exchanges instead of DHM-based ones, because the former only
|
||||
* accepts standardized groups.
|
||||
* We therefore consider DHE a security risk. If possible, it is
|
||||
* recommended users should consider preferring other methods of
|
||||
* key exchange.
|
||||
*
|
||||
*/
|
||||
#ifndef MBEDTLS_DHM_H
|
||||
|
|
Loading…
Reference in a new issue