SHA-1 deprecation: allow it in key exchange By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks.

commit: 5d2511c4d48eb197697466d1bd6b776cf09b0e7c [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri May 12 13:16:40 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 18:44:14 2017 +0200
tree: 9b24707cff6e4a677d456523ae6b132d334ce374
parent: 682df09159383c5456ea986220bdffe654d37583 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d551047..ddedabb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7162,7 +7162,7 @@
     MBEDTLS_MD_SHA256,
     MBEDTLS_MD_SHA224,
 #endif
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
     MBEDTLS_MD_SHA1,
 #endif
     MBEDTLS_MD_NONE
commit	5d2511c4d48eb197697466d1bd6b776cf09b0e7c	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri May 12 13:16:40 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 18:44:14 2017 +0200
tree	9b24707cff6e4a677d456523ae6b132d334ce374
parent	682df09159383c5456ea986220bdffe654d37583 [diff] [blame]