commit 47229c7cbbc78cb58f80c7e729049996f2776d14
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Dec 04 15:02:56 2015 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Dec 04 15:02:56 2015 +0100
tree 134a737aaf4f62bf8596b9a4a158204b9878ec50
parent 1630888aa080f8421a2d8de1f5477c2b347ce53d

Disable MD5 in handshake signatures by default

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c18a3b4..1aaa195 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7071,6 +7071,21 @@
     memset( conf, 0, sizeof( mbedtls_ssl_config ) );
 }
 
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+    MBEDTLS_MD_SHA1,
+#endif
+    MBEDTLS_MD_NONE
+};
+
 static int ssl_preset_suiteb_ciphersuites[] = {
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -7227,7 +7242,7 @@
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
-            conf->sig_hashes = mbedtls_md_list();
+            conf->sig_hashes = ssl_preset_default_hashes;
 #endif
 
 #if defined(MBEDTLS_ECP_C)