TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5e9f14d4d988222aacb49b8eb15eedd266e9f147^! / . / ChangeLog
commit5e9f14d4d988222aacb49b8eb15eedd266e9f147[log] [tgz]
authorRon Eldor <Ron.Eldor@arm.com>Sun May 28 10:46:38 2017 +0300
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Jan 22 22:06:44 2018 +0100
treec80a01193be3b5bcfebe9c5ff6ec71a883b7a55f
parent297d7535fb7f325507a4c35104f11000c613bbc4 [diff] [blame]
Set correct minimal versions in default conf

Set `MBEDTLS_SSL_MIN_MAJOR_VERSION` and `MBEDTLS_SSL_MIN_MINOR_VERSION`
instead of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`

diff --git a/ChangeLog b/ChangeLog
index a6fa6bb..6dab645 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -41,17 +41,6 @@
    * Direct manipulation of structure fields of RSA contexts is deprecated.
      Users are advised to use the extended RSA API instead.
 
-API Changes
-   * Extend RSA interface by multiple functions allowing structure-
-     independent setup and export of RSA contexts. Most notably,
-     mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
-     up RSA contexts from partial key material and having them completed to the
-     needs of the implementation automatically. This allows to setup private RSA
-     contexts from keys consisting of N,D,E only, even if P,Q are needed for the
-     purpose or CRT and/or blinding.
-   * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
-     implementations of the RSA interface declared in rsa.h.
-
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
@@ -101,6 +90,10 @@
      RSA test suite where the failure of CTR DRBG initialization lead to
      freeing an RSA context and several MPI's without proper initialization
      beforehand.
+   * Fix setting version TLSv1 as minimal version, even if TLS 1
+     is not enabled. Set `MBEDTLS_SSL_MIN_MAJOR_VERSION`
+     and `MBEDTLS_SSL_MIN_MINOR_VERSION` instead
+     of `MBEDTLS_SSL_MAJOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_1`
 
 Changes
    * Extend cert_write example program by options to set the CRT version
@@ -114,6 +107,17 @@
    * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the
      undeclared dependency of the RSA module on the ASN.1 module.
 
+API Changes
+   * Extend RSA interface by multiple functions allowing structure-
+     independent setup and export of RSA contexts. Most notably,
+     mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting
+     up RSA contexts from partial key material and having them completed to the
+     needs of the implementation automatically. This allows to setup private RSA
+     contexts from keys consisting of N,D,E only, even if P,Q are needed for the
+     purpose or CRT and/or blinding.
+   * The configuration option MBEDTLS_RSA_ALT can be used to define alternative
+     implementations of the RSA interface declared in rsa.h.
+
 = mbed TLS 2.6.0 branch released 2017-08-10
 
 Security