ChangeLog - OpenGrok cross reference for /optee_os/lib/libmbedtls/mbedtls/ChangeLog

1874    * Drop support for RC4 TLS ciphersuites.
1875    * Drop support for single-DES ciphersuites.
2059      ciphersuites per version, which are no longer relevant. This removes the
2069    * Remove all the 3DES ciphersuites:
2214    * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
2630    * In (D)TLS record decryption, when using a CBC ciphersuites without the
3239    * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
3394      attack. In TLS, this affects servers that accept ciphersuites based on
3395      RSA decryption (i.e. ciphersuites whose name contains RSA but not
3453      implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
3496      padded records in case of CBC ciphersuites using Encrypt-then-MAC.
3601      mbedtls_ssl_get_record_expansion() in case of ChachaPoly ciphersuites,
3602      or CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913, #1914.
3624    * Fix a vulnerability in TLS ciphersuites based on CBC and using SHA-384,
3637    * Fix a vulnerability in TLS ciphersuites based on CBC, in (D)TLS 1.0 to
3647    * Add a counter-measure against a vulnerability in TLS ciphersuites based
3660    * Add support for CHACHA20-POLY1305 ciphersuites from RFC 7905.
3752    * Add support for ARIA cipher (RFC 5794) and associated TLS ciphersuites
3889      HMAC functions with non-HMAC ciphersuites. Independently contributed
3958    * Log correct number of ciphersuites used in Client Hello message. #918
5091    * A specific error is now returned when there are ciphersuites in common
5149    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
5155    * Support for CCM and CCM_8 ciphersuites
5161    * Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
5166      ciphersuites to use and save some memory if the list is small.
5191      use with some ciphersuites and versions (RC4 in all versions, CBC with
5194      rejected with CBC-based ciphersuites and TLS >= 1.1
5196      to 32 bytes with CBC-based ciphersuites and TLS >= 1.1
5238      ciphersuites, for full SSL frames of data.
5386    * Support for ECDH-RSA and ECDH-ECDSA key exchanges and ciphersuites
5424    * Support for Camellia-GCM mode and ciphersuites
5445    * Support for Brainpool curves and TLS ciphersuites (RFC 7027)
5446    * Support for ECDHE-PSK key-exchange and ciphersuites
5447    * Support for RSA-PSK key-exchange and ciphersuites
5470     (ECDHE-based ciphersuites)
5472     (ECDSA-based ciphersuites)
5473    * Ability to specify allowed ciphersuites based on the protocol version.
5474    * PSK and DHE-PSK based ciphersuites added
5504    * Client and server now filter sent and accepted ciphersuites on minimum
5638    * Fix length checking for AEAD ciphersuites (found by Codenomicon).
5747    * Ability to specify allowed ciphersuites based on the protocol version.
5840      ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by
5883    * Renamed ciphersuites naming scheme to IANA reserved names
6185      of ssl_session have been renamed to ciphersuites and
6193      SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
6336    * Added support for ciphersuites: SSL_RSA_CAMELLIA_128_SHA,