Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0

Update the default hash and curve selection for X.509 and TLS
2025-11-24 12:01:11 +03:00 · 2021-06-22 12:08:37 +02:00
parent 508d3a5824 39957503c5
commit 3e7ddb2bb6
16 changed files with 235 additions and 152 deletions
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -332,12 +332,22 @@ typedef void mbedtls_x509_crt_restart_ctx;
 /**
 * Default security profile. Should provide a good balance between security
 * and compatibility with current deployments.
+ *
+ * This profile permits:
+ * - SHA2 hashes with at least 256 bits: SHA-256, SHA-384, SHA-512.
+ * - Elliptic curves with 255 bits and above except secp256k1.
+ * - RSA with 2048 bits and above.
+ *
+ * New minor versions of Mbed TLS may extend this profile, for example if
+ * new algorithms are added to the library. New minor versions of Mbed TLS will
+ * not reduce this profile unless serious security concerns require it.
 */
 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

 /**
 * Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for RSA-2048.
+ * Currently targets a 128-bit security level, except for allowing RSA-2048.
+ * This profile may change at any time.
 */
 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;