yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:25:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix wording of ChangeLog and 3DES_REMOVE docs

Browse Source
This commit is contained in:
Andres Amaya Garcia 2018-11-26 20:57:49 +00:00 committed by Manuel Pégourié-Gonnard
parent 5d8aade01d
commit 6882ec1521
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -4,7 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
Features Features
* Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
from the default list (inactive by default). from the default list (enabled by default). See
https://sweet32.info/SWEET32_CCS16.pdf.
Bugfix Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined

7
include/mbedtls/config.h
View File

@ -695,6 +695,13 @@
* to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
* them explicitly. * them explicitly.
* *
* A man-in-the browser attacker can recover authentication tokens sent through
* a TLS connection using a 3DES based cipher suite (see "On the Practical
* (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
* Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
* in your threat model or you are unsure, then you should keep this option
* enabled to remove 3DES based cipher suites.
*
* Comment this macro to keep 3DES in the default ciphersuite list. * Comment this macro to keep 3DES in the default ciphersuite list.
*/ */
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES #define MBEDTLS_REMOVE_3DES_CIPHERSUITES