ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

1917    * Drop support for RC4 TLS ciphersuites.
1918    * Drop support for single-DES ciphersuites.
2102      ciphersuites per version, which are no longer relevant. This removes the
2112    * Remove all the 3DES ciphersuites:
2257    * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
2673    * In (D)TLS record decryption, when using a CBC ciphersuites without the
3282    * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
3437      attack. In TLS, this affects servers that accept ciphersuites based on
3438      RSA decryption (i.e. ciphersuites whose name contains RSA but not
3496      implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3539      padded records in case of CBC ciphersuites using Encrypt-then-MAC.
3644      mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
3645      or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
3667    * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
3680    * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
3690    * Add a counter-measure against a vulnerability in TLS ciphersuites based
3703    * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905.
3795    * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
3932      HMAC functions with non-HMAC ciphersuites. Independently contributed
4001    * Log correct number of ciphersuites used in Client Hello message. #918
5134    * A specific error is now returned when there are ciphersuites in common
5192    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
5198    * Support for CCM and CCM_8 ciphersuites
5204    * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
5209      ciphersuites to use and save some memory if the list is small.
5234      use with some ciphersuites and versions (RC4 in all versions, CBC with
5237      rejected with CBC-based ciphersuites and TLS >= 1.1
5239      to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
5281      ciphersuites, for full SSL frames of data.
5429    * Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites
5467    * Support for Camellia-GCM mode and ciphersuites
5488    * Support for Brainpool curves and TLS ciphersuites (RFC 7027)
5489    * Support for ECDHE-PSK key-exchange and ciphersuites
5490    * Support for RSA-PSK key-exchange and ciphersuites
5513     (ECDHE-based ciphersuites)
5515     (ECDSA-based ciphersuites)
5516    * Ability to specify allowed ciphersuites based on the protocol version.
5517    * PSK and DHE-PSK based ciphersuites added
5547    * Client and server now filter sent and accepted ciphersuites on minimum
5681    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
5790    * Ability to specify allowed ciphersuites based on the protocol version.
5883      ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
5926    * Renamed ciphersuites naming scheme to IANA reserved names
6228      of ssl_session have been renamed to ciphersuites and
6236      SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
6379    * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,