mirror of
https://github.com/ARMmbed/mbedtls.git
synced 2025-05-24 23:48:14 +08:00
ae270bf386
Upgrade the default list of hashes and curves allowed for TLS. The list is now aligned with X.509 certificate verification: hashes and curves with at least 255 bits (Curve25519 included), and RSA 2048 and above. Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE which would no longer do anything. Document more precisely what is allowed by default. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>