xref: /hypervisor/lib/crypto/mbedtls/ChangeLog

99    * Change the default behaviour of mbedtls_hkdf_extract() to return an error
141      (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h
387      default enabled) maximum fragment length extension is disabled in the
389      is larger than the internal message buffer (16384 bytes by default), the
412    * Change default choice of DHE parameters from untrustworthy RFC 5114
476    * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters
578      (default: 8) intermediates, even when it was not trusted. This could be
580      (the default), the handshake was correctly aborted).
656    * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
715      suppressing the CA list in Certificate Request messages. The default
916      ECDSA was disabled in config.h . The leak didn't occur by default.
936    * Disabled SSLv3 in the default configuration.
948    * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
985      Disabled by default as the specification might still change.
1110    * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
1126      end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
1274    * The default minimum TLS version is now TLS 1.0.
1275    * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
1276      default ciphersuite list returned by ssl_list_ciphersuites()
1277    * Support for receiving SSLv2 ClientHello is now disabled by default at
1279    * The default authmode for SSL/TLS clients is now REQUIRED.
1281      enabled in the default configuration, this is only noticeable if using a
1286    * Negotiation of truncated HMAC is now disabled by default on server too.
1348    * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
1350    * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
1416      not by default).
1445      while using the default ciphersuite list.
1473    * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
1484    * Example programs for SSL client and server now disable SSLv3 by default.
1485    * Example programs for SSL client and server now disable RC4 by default.
1550      from the default list (inactive by default).
1617    * Ciphersuites based on RC4 now have the lowest priority by default
1671    * Fixed malloc/free default #define in platform.c (found by Gergely Budai).
1691    * Option to set the Curve preference order (disabled by default)
1975      length of an X.509 verification chain (default = 8).
2105    * HAVEGE random generator disabled by default
2176      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
2229      default!
2306    * HAVEGE random generator disabled by default
2327      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
2497    * Reading of Public Key files incorporated into default x509
2735     * Enabled support for large files by default in aescrypt2.c
2760     * Disabled obsolete hash functions by default (MD2, MD4); updated

Last Index update Fri Aug 22 02:31:50 CST 2025