mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 01:45:48 +01:00
Disable RC4 by default in the library
This commit is contained in:
parent
391af97a71
commit
849b174e57
@ -26,6 +26,7 @@ Changes
|
|||||||
* Remove test program o_p_test, the script compat.sh does more.
|
* Remove test program o_p_test, the script compat.sh does more.
|
||||||
* Remove test program ssl_test, superseded by ssl-opt.sh.
|
* Remove test program ssl_test, superseded by ssl-opt.sh.
|
||||||
* Remove helper script active-config.pl
|
* Remove helper script active-config.pl
|
||||||
|
* RC4 is now disabled by default in the SSL/TLS layer.
|
||||||
|
|
||||||
= mbed TLS 1.3 branch
|
= mbed TLS 1.3 branch
|
||||||
|
|
||||||
|
@ -1784,10 +1784,10 @@ void ssl_set_extended_master_secret( ssl_context *ssl, char ems );
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Disable or enable support for RC4
|
* \brief Disable or enable support for RC4
|
||||||
* (Default: SSL_ARC4_ENABLED)
|
* (Default: SSL_ARC4_DISABLED)
|
||||||
*
|
*
|
||||||
* \note Though the default is RC4 for compatibility reasons in the
|
* \warning Use of RC4 in (D)TLS has been prohibited by RFC ????
|
||||||
* 1.3 branch, the recommended value is SSL_ARC4_DISABLED.
|
* for security reasons. Use at your own risks.
|
||||||
*
|
*
|
||||||
* \note This function will likely be removed in future versions as
|
* \note This function will likely be removed in future versions as
|
||||||
* RC4 will then be disabled by default at compile time.
|
* RC4 will then be disabled by default at compile time.
|
||||||
|
@ -4908,6 +4908,8 @@ int ssl_init( ssl_context *ssl )
|
|||||||
|
|
||||||
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
|
ssl_set_ciphersuites( ssl, ssl_list_ciphersuites() );
|
||||||
|
|
||||||
|
ssl_set_arc4_support( ssl, SSL_ARC4_DISABLED );
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
#if defined(POLARSSL_SSL_RENEGOTIATION)
|
||||||
ssl->renego_max_records = SSL_RENEGO_MAX_RECORDS_DEFAULT;
|
ssl->renego_max_records = SSL_RENEGO_MAX_RECORDS_DEFAULT;
|
||||||
memset( ssl->renego_period, 0xFF, 7 );
|
memset( ssl->renego_period, 0xFF, 7 );
|
||||||
|
Loading…
Reference in New Issue
Block a user