Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites

Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2025-07-30 22:43:08 +03:00 · 2021-05-04 17:20:36 +02:00
parent cae1fd0392 d5d04962ef
commit 98d00d06a0
7 changed files with 16 additions and 46 deletions
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -659,8 +659,7 @@
 * Warning: Only do so when you know what you are doing. This allows for
 * encryption or channels without any security!
 *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
+ * To enable the following ciphersuites:
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
@ -708,20 +707,6 @@
 */
 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
 /**
 * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
 *