Skip to content

Commit

Permalink
stm32/mbedtls: Enable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
Browse files Browse the repository at this point in the history 
This adds MBEDTLS_MD_SHA1 to the list of default hashes for TLS 1.2
handshake signatures.  Although SHA-1 is weak, this option is turned on in
the default mbedtls configuration file, and allows better compatibility
with older servers.  In particular it allows an stm32-mbedtls-based client
to connect to an axtls-based client (eg default unix port and esp8266).

Signed-off-by: Damien George <damien@micropython.org>
  • Loading branch information
@dpgeorge
dpgeorge committed Jan 17, 2022
1 parent 2c9dc57 commit 5e50656
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions ports/stm32/mbedtls/mbedtls_config.h
View file
Expand Up @@ -82,6 +82,7 @@
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C

Expand Down

0 comments on commit 5e50656

Please sign in to comment.