diff --git a/ChangeLog b/ChangeLog index 3b1ab53dc..4e037741d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites - from the default list (inactive by default). + from the default list (enabled by default). See + https://sweet32.info/SWEET32_CCS16.pdf. Bugfix * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0505e8993..4d337bff9 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -695,6 +695,13 @@ * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * them explicitly. * + * A man-in-the browser attacker can recover authentication tokens sent through + * a TLS connection using a 3DES based cipher suite (see "On the Practical + * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaƫtan + * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls + * in your threat model or you are unsure, then you should keep this option + * enabled to remove 3DES based cipher suites. + * * Comment this macro to keep 3DES in the default ciphersuite list. */ #define MBEDTLS_REMOVE_3DES_CIPHERSUITES