stm32/mbedtls: Enable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.

This adds MBEDTLS_MD_SHA1 to the list of default hashes for TLS 1.2 handshake signatures. Although SHA-1 is weak, this option is turned on in the default mbedtls configuration file, and allows better compatibility with older servers. In particular it allows an stm32-mbedtls-based client to connect to an axtls-based client (eg default unix port and esp8266). Signed-off-by: Damien George <damien@micropython.org>
author: Damien George <damien@micropython.org> 2022-01-17 17:21:48 +1100
committer: Damien George <damien@micropython.org> 2022-01-17 17:35:04 +1100
commit: 5e506567a390db1b1d2df39ae192f39ed9f617c3 (patch)
tree: ef141abf4829f99d8dafbd89e6acf6dbf0916711 /ports/stm32/mbedtls/mbedtls_config.h
parent: 2c9dc5742abf1f3c787f166d2cbffb4b556ff77b (diff)
download: micropython-5e506567a390db1b1d2df39ae192f39ed9f617c3.tar.gz
micropython-5e506567a390db1b1d2df39ae192f39ed9f617c3.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/ports/stm32/mbedtls/mbedtls_config.h b/ports/stm32/mbedtls/mbedtls_config.h
index 56fbbf3aaf..904d08548f 100644
--- a/ports/stm32/mbedtls/mbedtls_config.h
+++ b/ports/stm32/mbedtls/mbedtls_config.h
@@ -82,6 +82,7 @@
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 #define MBEDTLS_X509_CRT_PARSE_C
 #define MBEDTLS_X509_USE_C
author	Damien George <damien@micropython.org>	2022-01-17 17:21:48 +1100
committer	Damien George <damien@micropython.org>	2022-01-17 17:35:04 +1100
commit	5e506567a390db1b1d2df39ae192f39ed9f617c3 (patch)
tree	ef141abf4829f99d8dafbd89e6acf6dbf0916711 /ports/stm32/mbedtls/mbedtls_config.h
parent	2c9dc5742abf1f3c787f166d2cbffb4b556ff77b (diff)
download	micropython-5e506567a390db1b1d2df39ae192f39ed9f617c3.tar.gz micropython-5e506567a390db1b1d2df39ae192f39ed9f617c3.zip