SHA-1 is allowed for handshake signatures by default Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 3257399efb7dd220f99c8ffb7a3ccfbe60a31970 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jun 21 09:53:25 2021 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Mon Jun 21 09:54:03 2021 +0200
tree: 3efa44b7670adaacf28d0af04c6cb1eca8dfb3e7
parent: 169fa2336b69d89f0c2ed3fcfa35a2f6fe05d766 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index a8376a2..0abeb43 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -2269,7 +2269,9 @@
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
 /**
  * \brief          Set the allowed hashes for signatures during the handshake.
- *                 (Default: all SHA2 hashes, largest first.)
+ *                 (Default: all SHA-2 hashes, largest first. Also SHA-1 if
+ *                 the compile-time option
+ *                 `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is enabled.)
  *
  * \note           This only affects which hashes are offered and can be used
  *                 for signatures during the handshake. Hashes for message
commit	3257399efb7dd220f99c8ffb7a3ccfbe60a31970	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jun 21 09:53:25 2021 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Mon Jun 21 09:54:03 2021 +0200
tree	3efa44b7670adaacf28d0af04c6cb1eca8dfb3e7
parent	169fa2336b69d89f0c2ed3fcfa35a2f6fe05d766 [diff] [blame]