Remove SHA-1 in TLS by default Default to forbidding the use of SHA-1 in TLS where it is unsafe: for certificate signing, and as the signature hash algorithm for the TLS 1.2 handshake signature. SHA-1 remains allowed in HMAC-SHA-1 in the XXX_SHA ciphersuites and in the PRF for TLS <= 1.1. For easy backward compatibility for use in controlled environments, turn on the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 compiled-time option.

commit: 955738a4f254073b5ceb9b64dcf2d8465703889d [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu May 04 16:17:21 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 19:08:19 2017 +0200
tree: 41f96857bcdfaa2cc8ae35b97079a5b0fe58c078
parent: cd6e4d5bccf939318cea4c639361ef634c96722f [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index a889337..59fdf97 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -11,6 +11,12 @@
    * Wipe stack buffers in RSA private key operations
      (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
      Found by Laurent Simon.
+   * SHA-1 deprecation: remove it from the default allowed hash
+     algorithms for certificate verification and TLS 1.2 handshake
+     signatures. It can be turned back on at compile time with
+     MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 or explicitly with ssl_conf functions.
+   * Removed RIPEMD-160 from the default hash algorithms for
+     certificate verification.
 
 Bugfix
    * Remove macros from compat-1.3.h that correspond to deleted items from most
commit	955738a4f254073b5ceb9b64dcf2d8465703889d	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu May 04 16:17:21 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Jun 06 19:08:19 2017 +0200
tree	41f96857bcdfaa2cc8ae35b97079a5b0fe58c078
parent	cd6e4d5bccf939318cea4c639361ef634c96722f [diff] [blame]