Remove SHA-1 in TLS by default Default to forbidding the use of SHA-1 in TLS where it is unsafe: for certificate signing, and as the signature hash algorithm for the TLS 1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the XXX_SHA ciphersuites and in the PRF for TLS <= 1.1. For easy backward compatibility for use in controlled environments, turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.

commit: 5e79cb3662c66f5b36165a54276d5edae0fce4de [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu May 04 16:17:21 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 18:44:13 2017 +0200
tree: 285cd6326ad043bdbc30d35ebdc43b95b0794c97
parent: 23b33f866356cddf1eb171c7d6582dcb58f7992c [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 234f145..4de9e85 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -85,9 +85,11 @@
  */
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
 {
-    /* Hashes from SHA-1 and above */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+    /* Allow SHA-1 (weak, but still safe in controlled environments) */
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
+#endif
+    /* Only SHA-2 hashes */
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
commit	5e79cb3662c66f5b36165a54276d5edae0fce4de	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu May 04 16:17:21 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 18:44:13 2017 +0200
tree	285cd6326ad043bdbc30d35ebdc43b95b0794c97
parent	23b33f866356cddf1eb171c7d6582dcb58f7992c [diff] [blame]