lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-02 09:33:20 +03:00
Code Activity

Document more precisely what goes into the default profile

Browse Source 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2021-06-07 21:24:26 +02:00
parent 62da8ac37a
commit 0ecd719edf
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
include/mbedtls/x509_crt.h
View File

@@ -263,12 +263,21 @@ typedef void mbedtls_x509_crt_restart_ctx;
/**
* Default security profile. Should provide a good balance between security
* and compatibility with current deployments.
*
* This profile permits:
* - SHA2 hashes.
* - All supported elliptic curves.
* - RSA with 2048 bits and above.
*
* New minor versions of Mbed TLS may extend this profile, for example if
* new curves are added to the library. New minor versions of Mbed TLS will
* not reduce this profile unless serious security concerns require it.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
/**
* Expected next default profile. Recommended for new deployments.
* Currently targets a 128-bit security level, except for RSA-2048.
* Currently targets a 128-bit security level, except for allowing RSA-2048.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;