commit 7344e1bd05a9ef0f7deb3100fe312d4f4bf05594
author Gilles Peskine <Gilles.Peskine@arm.com> Fri May 12 13:16:40 2017 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Jun 06 19:09:02 2017 +0200
tree f6d070a9979359004cf0af695672d7ad58850335
parent db56acae43d028705e37172277c17001fab97b1d

SHA-1 deprecation: allow it in key exchange

By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f2f08c7..bcefe95 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7043,7 +7043,7 @@
     MBEDTLS_MD_SHA256,
     MBEDTLS_MD_SHA224,
 #endif
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
     MBEDTLS_MD_SHA1,
 #endif
     MBEDTLS_MD_NONE

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index ca3a7d0..92ab38d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -85,7 +85,7 @@
  */
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
 {
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
     /* Allow SHA-1 (weak, but still safe in controlled environments) */
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
 #endif