Gilles Peskine b1940a76ad In TLS, order curves by resource usage, not size ... TLS used to prefer larger curves, under the idea that a larger curve has a higher security strength and is therefore harder to attack. However, brute force attacks are not a practical concern, so this was not particularly meaningful. If a curve is considered secure enough to be allowed, then we might as well use it. So order curves by resource usage. The exact definition of what this means is purposefully left open. It may include criteria such as performance and memory usage. Risk of side channels could be a factor as well, although it didn't affect the current choice. The current list happens to exactly correspond to the numbers reported by one run of the benchmark program for "full handshake/s" on my machine. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>		2021-06-17 21:46:29 +02:00
..
00README
ccm-alt.md	Add migration guide for developers of CCM alternative implementation	2021-06-01 09:07:46 +02:00
cipher-delayed-output.md	Fix some typos	2021-06-01 09:40:53 +02:00
combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md	Adding removed defines to check_config.h and fixing the migration guide entry.	2021-05-31 12:58:25 +02:00
csr-add-critical-extension.md	Expose flag for critical extensions	2021-05-27 14:27:43 +02:00
default-curves.md	In TLS, order curves by resource usage, not size	2021-06-17 21:46:29 +02:00
gcm-alt.md	Add migration guides for GCM	2021-05-20 11:51:46 +02:00
gcm-multipart.md	Reorder the text to say who is affected first	2021-05-20 12:11:19 +02:00
max-record-payload-api.md	Add migration guide	2021-05-23 06:03:55 +01:00
modify_MBEDTLS_ECP_FIXED_POINT_OPTIM_behaviour.md	fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM	2021-06-03 15:47:40 +08:00
modify_SHA384_option_behaviour.md	Improve migration guide for SHA384 option	2021-05-20 13:52:48 +02:00
relaxed-psk-semantics.md	Fix typo in migration guide	2021-05-28 09:54:31 +01:00
remove-enable-weak-ciphersuites.md
remove-max-content-len.md	Remove MBEDTLS_SSL_MAX_CONTENT_LEN option	2021-05-10 17:02:48 +01:00
remove-null-entropy.md	Provide more in-depth migration guide after removal of null entropy.	2021-05-19 16:35:51 +02:00
remove-rsa-mode-parameter.md	Corrections to ChangeLog and Migration guide	2021-05-25 15:00:19 +01:00
Remove_3DES_ciphersuites.md	Remove 3DES ciphersuites	2021-05-31 12:11:53 +02:00
remove_deprecated_functions_and_constants.md	Fix migration guide for now-removed deprecated functions	2021-06-08 07:50:55 +01:00
remove_mbedtls_check_params_option.md	Changes after code review	2021-05-27 17:34:14 +02:00
remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md	Correction to the migr. guide wording and removal of not needed option	2021-06-09 13:31:42 +02:00
remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md	Correction to the migration guide entry wording	2021-06-09 16:54:20 +02:00
remove_SSL_DTLS_BADMAC_LIMIT_option.md	Addition of the migration guide entry.	2021-05-26 15:29:36 +02:00
remove_ssl_record_checking.md	New line added at the end of the migration guide entry	2021-05-17 11:16:52 +02:00
remove_supp_for_extensions_in_pre-v3_X_509_certs.md	Changing the migration guide entry wording.	2021-05-31 13:12:16 +02:00
remove_support_for_tls_1.0_1.1_and_dtls_1.0.md	Editorial improvements	2021-06-07 12:00:04 +02:00
rename_the__ret_functions.md	Corrections to the docs wording and changes to aux scripts	2021-06-15 00:18:32 +02:00
rsa-padding.md	Improve migration guide	2021-06-09 10:54:14 +02:00
separate_SHA224_from_SHA256.md	Add migration guide for SHA384 and SHA224 options.	2021-05-19 13:22:53 +02:00
session-cache-api.md	Add migration guide	2021-05-18 05:27:18 +01:00
sha512-output-type.md	Change sha256 output type from an array to a pointer	2021-05-13 00:46:29 +02:00
ssl-error-code-cleanup.md	Add migration guide	2021-05-14 17:10:27 +01:00
turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md	Correction according to code review (function and param. names change	2021-06-14 13:46:21 +02:00