SHA-1 deprecation: allow it in key exchange

By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks.
2025-07-28 00:21:48 +03:00 · 2017-05-12 13:16:40 +02:00
parent 682df09159
commit 5d2511c4d4
7 changed files with 32 additions and 17 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7162,7 +7162,7 @@ static int ssl_preset_default_hashes[] = {
    MBEDTLS_MD_SHA256,
    MBEDTLS_MD_SHA224,
 #endif
-#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
    MBEDTLS_MD_SHA1,
 #endif
    MBEDTLS_MD_NONE
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -85,7 +85,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 */
 const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
 {
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1)
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
    /* Allow SHA-1 (weak, but still safe in controlled environments) */
    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
 #endif