Remove SHA-1 in TLS by default
Default to forbidding the use of SHA-1 in TLS where it is unsafe: for
certificate signing, and as the signature hash algorithm for the TLS
1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the
XXX_SHA ciphersuites and in the PRF for TLS <= 1.1.
For easy backward compatibility for use in controlled environments,
turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compile-time option.
diff --git a/ChangeLog b/ChangeLog
index cb543bd..3befcad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,15 @@
mbed TLS 2.x.x branch released xxxx-xx-xx
+Security
+
+ * SHA-1 deprecation: remove it from the default allowed hash
+ algorithms for certificate verification and TLS 1.2 handshake
+ signatures. It can be turned back on at compile time with
+ MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 or explicitly with ssl_conf functions.
+ * Removed RIPEMD-160 from the default hash algorithms for
+ certificate verification.
+
Bugfix
* Remove invalid use of size zero arrays in ECJPAKE test suite.
* Fix insufficient support for signature-hash-algorithm extension,
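Review bot: the second Security entry ("Removed RIPEMD-160 from the default hash algorithms for certificate verification") introduces a behaviour change that the commit title and description never mention; either add it to the description or split it into its own commit so the ChangeLog and the commit record agree. Two smaller points in the first entry: "explicitly with ssl_conf functions" should name the functions users are expected to call so that readers of the ChangeLog can find them, and it would help to state, as the description does, that SHA-1 is still accepted in HMAC-SHA-1 ciphersuites and in the TLS <= 1.1 PRF, otherwise the entry reads as if all SHA-1 use is now disabled by default.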