Leave the preference order for hashes unspecified

We don't seem to have strong feelings about this, so allow ourselves to change the order later. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Mbed-TLS · Jun 2, 2021 · 43bd329 · 43bd329
1 parent 68d02fb
commit 43bd329
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
@@ -2975,8 +2975,9 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
  * \note           By default, all supported hashes whose length is at least
  *                 256 bits are allowed. This is the same set as the default
  *                 for certificate verification
- *                 (#mbedtls_x509_crt_profile_default). Larger hashes are
- *                 preferred.
+ *                 (#mbedtls_x509_crt_profile_default).
+ *                 The preference order is currently unspecified and may
+ *                 change in future versions.
  *
  * \param conf     SSL configuration
  * \param hashes   Ordered list of allowed signature hashes,

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
@@ -6142,8 +6142,8 @@ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
 /* The selection should be the same as mbedtls_x509_crt_profile_default in
- * x509_crt.c. Here, the order matters: larger hashes first, for consistency
- * with curves.
+ * x509_crt.c. Here, the order matters. Currently we favor stronger hashes,
+ * for no fundamental reason.
  * See the documentation of mbedtls_ssl_conf_curves() for what we promise
  * about this list. */
 static int ssl_preset_default_hashes[] = {