TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/archive/dev/relnotes / . / ChangeLog.d / default-curves.txt
blob: bfb0fd0e03095c3d3126e7a3d867cb2da133bfcb [file] [log] [blame]
Gilles Peskine3758fd62021-06-02 00:07:17 +0200[diff] [blame]1Default behavior changes
2 * Some default policies for X.509 certificate verification and TLS have
3 changed: curves and hashes weaker than 255 bits are no longer accepted
Gilles Peskineb1940a72021-06-02 15:18:12 +0200[diff] [blame]4 by default. The default order in TLS now favors faster curves over larger
5 curves.
Gilles Peskine3758fd62021-06-02 00:07:17 +0200[diff] [blame]6
7Removals
8 * Remove the compile-time option
9 MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.