From 7321307f6e975b5892246030dcf9cc7444b067d1 Mon Sep 17 00:00:00 2001 From: Kapil Gupta Date: Thu, 29 Dec 2022 15:13:34 +0530 Subject: [PATCH] Removed sha384 hash for certs > 2k --- .../wpa_supplicant/src/crypto/tls_mbedtls.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index 61e397511c..f5acfa9e62 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -254,9 +254,6 @@ static void tls_enable_sha1_config(tls_context_t *tls) static const int eap_ciphersuite_preference[] = { #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, -#endif #if defined(MBEDTLS_CCM_C) MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, #endif @@ -264,9 +261,6 @@ static const int eap_ciphersuite_preference[] = MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, #endif -#if defined(MBEDTLS_GCM_C) - MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, -#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, @@ -287,9 +281,7 @@ static const int eap_ciphersuite_preference[] = #endif #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, - MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, @@ -298,9 +290,6 @@ static const int eap_ciphersuite_preference[] = MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, #endif -#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, -#endif #if defined(MBEDTLS_CCM_C) MBEDTLS_TLS_RSA_WITH_AES_256_CCM, #endif @@ -349,14 +338,10 @@ static const int eap_ciphersuite_preference[] = MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, #endif /* The PSK suites */ -#if defined(MBEDTLS_GCM_C) - MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, -#endif #if defined(MBEDTLS_CCM_C) MBEDTLS_TLS_PSK_WITH_AES_256_CCM, #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) - MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, #endif #if defined(MBEDTLS_CCM_C)