ChangeLog - OpenGrok cross reference for /mbedtls-latest/ChangeLog

Lines Matching refs:default
31    * By default, the handling of TLS 1.3 tickets by the Mbed TLS client is now
86      of increased code size. This option is off by default, but enabled in
87      the default mbedtls_config.h. Fixes #9216.
162      the default configuration connecting to a TLS 1.3 server sending tickets.
329      the mbedtls_ssl_conf_early_data() API (by default disabled in both cases).
343      to PSA functions is now secure by default.
451      improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly
456    * The TLS 1.3 protocol is now enabled in the default configuration.
595      By default, all groups are offered; the list of groups can be
768      this call accidentally applied a default padding mode chosen at compile
782    * The default priority order of TLS 1.3 cipher suites has been modified to
879      attacks. This is configured by MBEDTLS_AESCE_C, which is on by default.
881    * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
979    * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2.
982      To fix the performance degradation when using default values the
994      of the IETF draft, and was marked experimental and disabled by default.
1081      MBEDTLS_SSL_DTLS_CONNECTION_ID (enabled by default) and configured with
1275      MBEDTLS_PSA_CRYPTO_CONFIG_FILE instead of the default psa/crypto_config.h.
1805    * Enable by default the functionalities which have no reason to be disabled.
1808    * Some default policies for X.509 certificate verification and TLS have
1810      by default. The default order in TLS now favors faster curves over larger
1830      compile-time option, which was off by default. Users should not trust
1862    * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its
2075      differences from the default configuration, but had accidentally diverged.
2084    * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
2140      CTR_DRBG is used by default if it is available, but you can override
2149      can exist simultaneously. It has a sensible default if not overridden.
2267      clashes.  The default value of this variable is "", so default target names
2348    * Correct the default IV size for mbedtls_cipher_info_t structures using
2643      (which it is by default).
2736      default configuration, on a platform with a single entropy source, the
2766      initial seeding. The default nonce length is chosen based on the key size
2984      MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
3006    * Fix incorrect default port number in ssl_mail_client example's usage.
3021    * Server's RSA certificate in certs.c was SHA-1 signed. In the default
3030    * Remove dead code from bignum.c in the default configuration.
3047      from the default list (enabled by default). See
3055      option MBEDTLS_SSL_KEEP_PEER_CERTIFICATE (enabled by default for
3118    * Ciphersuites based on 3DES now have the lowest priority by default when
3130      disabled by default. See its API documentation in config.h for additional
3152      that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default
3153      is off. That means that checks which were previously present by default
3255      block other operations until they complete. This is disabled by default,
3312    * Change the default string format used for various X.509 DN attributes to
3328    * Change the dtls_client and dtls_server samples to work by default over
3334      X.509 DNs. Previously, DN attributes were always written in their default
3378      enabled by default.
3386      the use of datagram packing (enabled by default).
3518    * Change the default behaviour of mbedtls_hkdf_extract() to return an error
3560      (RFC 6209). Disabled by default, see MBEDTLS_ARIA_C in config.h
3806      default enabled) maximum fragment length extension is disabled in the
3808      is larger than the internal message buffer (16384 bytes by default), the
3831    * Change default choice of DHE parameters from untrustworthy RFC 5114
3895    * Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters
3997      (default: 8) intermediates, even when it was not trusted. This could be
3999      (the default), the handshake was correctly aborted).
4075    * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
4134      suppressing the CA list in Certificate Request messages. The default
4335      ECDSA was disabled in config.h . The leak didn't occur by default.
4355    * Disabled SSLv3 in the default configuration.
4367    * Disable MD5 handshake signatures in TLS 1.2 by default to prevent the
4404      Disabled by default as the specification might still change.
4529    * Fix bug in mbedtls_ssl_conf_default() that caused the default preset to
4545      end of the default config.h by defining MBEDTLS_USER_CONFIG_FILE on the
4693    * The default minimum TLS version is now TLS 1.0.
4694    * RC4 is now blacklisted by default in the SSL/TLS layer, and excluded from the
4695      default ciphersuite list returned by ssl_list_ciphersuites()
4696    * Support for receiving SSLv2 ClientHello is now disabled by default at
4698    * The default authmode for SSL/TLS clients is now REQUIRED.
4700      enabled in the default configuration, this is only noticeable if using a
4705    * Negotiation of truncated HMAC is now disabled by default on server too.
4767    * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
4769    * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
4835      not by default).
4864      while using the default ciphersuite list.
4892    * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
4903    * Example programs for SSL client and server now disable SSLv3 by default.
4904    * Example programs for SSL client and server now disable RC4 by default.
4969      from the default list (inactive by default).
5036    * Ciphersuites based on RC4 now have the lowest priority by default
5090    * Fixed malloc/free default #define in platform.c (found by Gergely Budai).
5110    * Option to set the Curve preference order (disabled by default)
5394      length of an X.509 verification chain (default = 8).
5524    * HAVEGE random generator disabled by default
5595      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5648      default!
5725    * HAVEGE random generator disabled by default
5746      disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
5916    * Reading of Public Key files incorporated into default x509
6154     * Enabled support for large files by default in aescrypt2.c
6179     * Disabled obsolete hash functions by default (MD2, MD4); updated