Prevent SLOTH attacks
diff --git a/ChangeLog b/ChangeLog
index f96786d..c7b39c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 2.4.x branch released 2016-xx-xx
+
+Security
+   * Removed MD5 from the allowed hash algorithms for CertificateRequest and
+     CertificateVerify messages, to prevent SLOTH attacks against TLS 1.2.
+
 = mbed TLS 2.4.0 branch released 2016-10-17
 
 Security
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 84a04ae..ee3cadb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7644,8 +7644,7 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1)
 #if defined(MBEDTLS_MD5_C)
         case MBEDTLS_SSL_HASH_MD5:
-            ssl->handshake->calc_verify = ssl_calc_verify_tls;
-            break;
+            return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH;
 #endif
 #if defined(MBEDTLS_SHA1_C)
         case MBEDTLS_SSL_HASH_SHA1:
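Review bot: The MD5 case that now returns `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` is still wrapped in the `MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1` and `MBEDTLS_MD5_C` guards, so in builds without them the rejection depends on the switch's default branch, which is not visible in this hunk. Confirm that the default branch returns the same error, or move the case outside the guards so MD5 is refused in every configuration. A comment on the case would keep the old assignment from being restored later, for example `/* MD5 is rejected on purpose (SLOTH, TLS 1.2 CertificateVerify); do not re-enable */`. The ChangeLog entry also names CertificateRequest, but this is the only code site the diff changes, so check that the signature-algorithm list sent in CertificateRequest no longer offers MD5. The enclosing function starts and ends outside the hunk.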