[tianocore/edk2] c3bf98: CryptoPkg: Disable the security risk ciphers.

Kanagavel S via edk2-commits Thu, 03 Jul 2025 04:12:46 -0700

  Branch: refs/heads/master
  Home:   https://github.com/tianocore/edk2
  Commit: c3bf98f265b5bd7adc1ef889885fd398d6cbe7a5
      
https://github.com/tianocore/edk2/commit/c3bf98f265b5bd7adc1ef889885fd398d6cbe7a5
  Author: INDIA\kanagavels <kanagav...@ami.com>
  Date:   2025-07-03 (Thu, 03 Jul 2025)


  Changed paths:
    M CryptoPkg/Library/MbedTlsLib/Include/mbedtls/mbedtls_config.h

  Log Message:
  -----------
  CryptoPkg: Disable the security risk ciphers.

REF:https://github.com/tianocore/edk2/issues/11040

Since the below mentioned ciphers has a security risks,
Disable
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
MBEDTLS_SSL_RENEGOTIATION
MBEDTLS_DHM_C

Enable
MBEDTLS_SSL_DTLS_ANTI_REPLAY
MBEDTLS_SSL_DTLS_HELLO_VERIFY.

Signed-off-by: Kanagavel S <kanagav...@ami.com>



To unsubscribe from these emails, change your notification settings at 
https://github.com/tianocore/edk2/settings/notifications


_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits

[tianocore/edk2] c3bf98: CryptoPkg: Disable the security risk ciphers.

Reply via email to