| field | value | date |
|---|---|---|
| author | Thomas Daubney <thomas.daubney@arm.com> | 2021-06-18 10:46:12 +0100 |
| committer | Thomas Daubney <thomas.daubney@arm.com> | 2021-06-18 10:46:12 +0100 |
| commit | 379227cc596d8dbb293c8056e7c6ed9abe9724be (patch) | |
| tree | 3023cd5ae2f16c582ec7bc1e21edb38dc85090f7 /ChangeLog | |
| parent | a42bf29b2c125f10a01fad34f2e287ed44c39aa8 (diff) | |
Modifies ChangeLog and Migration Guide
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Diffstat (limited to 'ChangeLog')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | ChangeLog | 12 |

1 files changed, 0 insertions, 12 deletions
@@ -32,8 +32,6 @@ API changes * Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO). * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3). - * Drop support for compatibility with our own previous buggy - implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT). * Drop support for RC4 TLS ciphersuites. * Drop support for single-DES ciphersuites. @@ -1688,16 +1686,6 @@ Changes = mbed TLS 2.8.0 branch released 2018-03-16 -Default behavior changes - * The truncated HMAC extension now conforms to RFC 6066. This means - that when both sides of a TLS connection negotiate the truncated - HMAC extension, Mbed TLS can now interoperate with other - compliant implementations, but this breaks interoperability with - prior versions of Mbed TLS. To restore the old behavior, enable - the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in - config.h. Found by Andreas Walz (ivESK, Offenburg University of - Applied Sciences). - Security * Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the |
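Review bot: the first hunk (the "API changes" list near line 32) deletes the entry "Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)" and adds nothing in its place in this file (the diffstat shows 0 insertions, 12 deletions), so within ChangeLog the removal of that option is no longer listed anywhere. The commit message says the ChangeLog and migration-guide entries were merged to cover both MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT, but this diff is limited to ChangeLog and does not show that merged entry; please confirm the replacement entry names both macros and lands in the same release's notes, otherwise a reader of ChangeLog alone loses the record that the _COMPAT option was removed.

Review bot: the second hunk (near line 1688) deletes the "Default behavior changes" section from the notes of the mbed TLS 2.8.0 release (2018-03-16), which is a historical record of what that release shipped: the switch to RFC 6066 behaviour, the resulting interoperability break with older Mbed TLS versions, the then-available MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT workaround, and the credit to Andreas Walz. Editing a past release's entries to reflect a later removal is not what a changelog is for, and it leaves the adjacent 2.8.0 "Security" entry ("Fix implementation of the truncated HMAC extension ...") without the behaviour change that accompanied it. Suggest keeping the 2.8.0 lines intact and documenting the removal of MBEDTLS_SSL_TRUNCATED_HMAC and MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT only in the current release's entries, as the commit message describes.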