Prevent SLOTH attacks

commit: 182013faf46b8a33e884da9712355c11b9831c8d [log] [tgz]
author: Janos Follath <janos.follath@arm.com> Tue Oct 25 10:50:22 2016 +0100
committer: Simon Butcher <simon.butcher@arm.com> Wed Feb 15 23:29:32 2017 +0200
tree: 7e71e8dc0b3d8b589057bf61a6411491bcfeae35
parent: 0eced5aae5b0e6af98135c2b315a7bee776c757c [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index b604ed4..f24186b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,10 @@
 
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
+Security
+   * Removed MD5 from the allowed hash algorithms for CertificateRequest and
+     CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
+
 Bugfix
    * Fix the redefinition of macro ssl_set_bio to an undefined symbol
      mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
commit	182013faf46b8a33e884da9712355c11b9831c8d	[log] [tgz]
author	Janos Follath <janos.follath@arm.com>	Tue Oct 25 10:50:22 2016 +0100
committer	Simon Butcher <simon.butcher@arm.com>	Wed Feb 15 23:29:32 2017 +0200
tree	7e71e8dc0b3d8b589057bf61a6411491bcfeae35
parent	0eced5aae5b0e6af98135c2b315a7bee776c757c [diff] [blame]