Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mbedTLS: disable weak crypto and TLS versions. #76838

Closed
wants to merge 1 commit into from
Closed

mbedTLS: disable weak crypto and TLS versions. #76838

wants to merge 1 commit into from

Conversation

Faless
Copy link
Collaborator

@Faless Faless commented May 8, 2023

This commit disables most weak crypto options in mbedTLS (with the notable exceptions of MD5 and SHA-1).

This commit also disables support for TLS versions 1.0 and 1.1 (with TLSv1.2 currently being the only supported version).

@Faless Faless added this to the 4.1 milestone May 8, 2023
@Faless Faless requested a review from a team as a code owner May 8, 2023 12:26
@akien-mga
Copy link
Member

I guess we should make this a patch file so we can easily re-apply this config change when updating mbedtls (since otherwise we use the stock upstream config.h here).

@akien-mga
Copy link
Member

You should be able to fix the static checks by rebasing on latest master, it seems like the command I use to get the list of files changed in the PR also includes the files changed in master not part of the PR branch :(

@Faless
mbedTLS: disable weak crypto and TLS versions.
7517641 
This commit disables most weak crypto options in mbedTLS (with the
notable exceptions of MD5 and SHA-1).

This commit also disables support for TLS versions 1.0 and 1.1 (with
TLSv1.2 currently being the only supported version).
@akien-mga
Copy link
Member

Seems like my logic to ignore thirdparty in codespell checks still has flaws, I'll have a look.

@akien-mga
Copy link
Member

Should be fixed by #76903, if you can rebase again :)

@Faless Faless mentioned this pull request May 10, 2023
Merged
@Faless
Copy link
Collaborator Author

Faless commented May 10, 2023

I guess we should make this a patch file so we can easily re-apply this config change when updating mbedtls (since otherwise we use the stock upstream config.h here).

Ah, that's right, for some reasons I remembered it to be auto-generated, then I think we should handle this differently , see #76905

@akien-mga
Copy link
Member

Superseded by #76905.

@akien-mga akien-mga closed this May 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akien-mga akien-mga akien-mga approved these changes

Assignees
No one assigned
Labels
archived enhancement topic:network topic:thirdparty
Projects
None yet
Milestone
4.1
Development

Successfully merging this pull request may close these issues.
2 participants
@Faless @akien-mga