Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-24 08:16:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve documentation of MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT option

Browse source 
Explain more clearly when this option should be used and which versions of Mbed
TLS build on the non-compliant implementation.
This commit is contained in:
Hanno Becker 2017-11-21 17:20:17 +00:00
parent 909f9a389a
commit 563423fb21
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
include/mbedtls/config.h
View file

@ -1369,9 +1369,10 @@
* Fallback to old, non-conforming implementation of the truncated
* HMAC extension which also truncates the HMAC key.
*
* \warning This should only be enabled temporarily when the use
* of truncated HMAC is mandatory *and* the peer is an Mbed TLS
* stack that doesn't use the fixed implementation yet.
* \warning This should only be enabled temporarily when (1) the use of
* truncated HMAC is essential in order to save bandwidth, and
* (2) the peer is an Mbed TLS stack that doesn't use the fixed
* implementation yet (version number <= 2.6.0).
*
* Uncomment to fallback to old, non-compliant truncated HMAC implementation.
*