Disable MD5 in handshake signatures by default
diff --git a/ChangeLog b/ChangeLog
index 8a736f9..744cb68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.2.1 released 2015-12-xx
+
+Security
+ * Disable MD5 for handshake signatures by default.
+
= mbed TLS 2.2.0 released 2015-11-04
Security
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 810409c..7d66699 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1610,7 +1610,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
- * (Default: all available hashes.)
+ * (Default: all available hashes except MD5.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c18a3b4..1aaa195 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7071,6 +7071,21 @@
memset( conf, 0, sizeof( mbedtls_ssl_config ) );
}
+static int ssl_preset_default_hashes[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ MBEDTLS_MD_SHA1,
+#endif
+ MBEDTLS_MD_NONE
+};
+
static int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
@@ -7227,7 +7242,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
- conf->sig_hashes = mbedtls_md_list();
+ conf->sig_hashes = ssl_preset_default_hashes;
#endif
#if defined(MBEDTLS_ECP_C)