MBEDTLS_REMOVE_3DES_CIPHERSUITES macro
\def MBEDTLS_AES_FEWER_TABLES

Use less ROM/RAM for AES tables.

Uncommenting this macro omits 75% of the AES tables from ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) by computing their values on the fly during operations (the tables are entry-wise rotations of one another).

Tradeoff: Uncommenting this reduces the RAM / ROM footprint by ~6kb but at the cost of more arithmetic operations during runtime. Specifically, one has to compare 4 accesses within different tables to 4 accesses with additional arithmetic operations within the same table. The performance gain/loss depends on the system and memory details.

This option is independent of \c MBEDTLS_AES_ROM_TABLES.

\def MBEDTLS_CAMELLIA_SMALL_MEMORY

Use less ROM for the Camellia implementation (saves about 768 bytes).

Uncomment this macro to use less memory for Camellia.

\def MBEDTLS_CIPHER_MODE_CBC

Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.

\def MBEDTLS_CIPHER_MODE_CFB

Enable Cipher Feedback mode (CFB) for symmetric ciphers.

\def MBEDTLS_CIPHER_MODE_CTR

Enable Counter Block Cipher mode (CTR) for symmetric ciphers.

\def MBEDTLS_CIPHER_MODE_OFB

Enable Output Feedback mode (OFB) for symmetric ciphers.

\def MBEDTLS_CIPHER_MODE_XTS

Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.

\def MBEDTLS_CIPHER_NULL_CIPHER

Enable NULL cipher.

Warning: Only do so when you know what you are doing. This allows for encryption or channels without any security!

Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable the following ciphersuites:

    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
    MBEDTLS_TLS_RSA_WITH_NULL_SHA256
    MBEDTLS_TLS_RSA_WITH_NULL_SHA
    MBEDTLS_TLS_RSA_WITH_NULL_MD5
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
    MBEDTLS_TLS_PSK_WITH_NULL_SHA384
    MBEDTLS_TLS_PSK_WITH_NULL_SHA256
    MBEDTLS_TLS_PSK_WITH_NULL_SHA

Uncomment this macro to enable the NULL cipher and ciphersuites.

\def MBEDTLS_CIPHER_PADDING_PKCS7

MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for specific padding modes in the cipher layer with cipher modes that support padding (e.g. CBC).

If you disable all padding modes, only full blocks can be used with CBC.

Enable padding modes in the cipher layer.

\def MBEDTLS_ENABLE_WEAK_CIPHERSUITES

Enable weak ciphersuites in SSL / TLS.

Warning: Only do so when you know what you are doing. This allows for channels with virtually no security at all!

This enables the following ciphersuites:

    MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
    MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA

Uncomment this macro to enable weak ciphersuites.

\warning DES is considered a weak cipher and its use constitutes a security risk. We recommend considering stronger ciphers instead.

\def MBEDTLS_REMOVE_ARC4_CIPHERSUITES

Remove RC4 ciphersuites by default in SSL / TLS.

This flag removes the ciphersuites based on RC4 from the default list as returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them explicitly.

Uncomment this macro to remove RC4 ciphersuites by default.

\def MBEDTLS_REMOVE_3DES_CIPHERSUITES

Remove 3DES ciphersuites by default in SSL / TLS.

This flag removes the ciphersuites based on 3DES from the default list as returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them explicitly.

A man-in-the-browser attacker can recover authentication tokens sent through a TLS connection using a 3DES based cipher suite (see "On the Practical (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls in your threat model or you are unsure, then you should keep this option enabled to remove 3DES based cipher suites.

Comment this macro to keep 3DES in the default ciphersuite list.
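
Because an explicit list passed to mbedtls_ssl_conf_ciphersuites() can bring 3DES back even with this macro defined, the list itself is worth filtering. The following is an added example, not Mbed TLS code: it drops 3DES, DES, RC4 and NULL suites from a zero-terminated list by name. The names strip_weak_suites, suite_is_weak and sample_name are hypothetical and the sample ids and names are constructed; in real use, pass mbedtls_ssl_get_ciphersuite_name as the lookup.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as mbedtls_ssl_get_ciphersuite_name(); pass that in real use. */
typedef const char *(*suite_name_fn)(int id);
/* Name fragments marking 3DES, single DES, RC4 and NULL suites. */
static const char *const weak_tokens[] = { "3DES", "-DES-", "RC4", "NULL" };

static int suite_is_weak(const char *name) {
    /* Unknown ids fail closed; the library lookup reports them as "unknown". */
    if (name == NULL || strcmp(name, "unknown") == 0)
        return 1;
    for (size_t i = 0; i < sizeof(weak_tokens) / sizeof(weak_tokens[0]); i++)
        if (strstr(name, weak_tokens[i]) != NULL)
            return 1;
    return 0;
}

/* Compacts the 0-terminated list in place; returns how many ids were cut. */
static int strip_weak_suites(int *list, suite_name_fn name_of) {
    int removed = 0, *out = list;
    for (const int *in = list; *in != 0; in++) {
        if (suite_is_weak(name_of(*in)))
            removed++;
        else
            *out++ = *in;
    }
    *out = 0;
    return removed;
}

/* Constructed stand-in for the library lookup (hypothetical helper). */
static const char *sample_name(int id) {
    switch (id) {
    case 0x000A: return "TLS-RSA-WITH-3DES-EDE-CBC-SHA";
    case 0xC012: return "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA";
    case 0xC02F: return "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256";
    case 0xC030: return "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384";
    default:     return "unknown";
    }
}

int main(void) {
    int list[] = { 0xC02F, 0x000A, 0xC030, 0xC012, 0 }; /* constructed input */
    printf("removed %d\n", strip_weak_suites(list, sample_name));
    for (const int *p = list; *p != 0; p++)
        printf("kept 0x%04X\n", (unsigned)*p);
    return 0;
}
```

The filtered array must stay allocated for as long as the SSL configuration that references it, since mbedtls_ssl_conf_ciphersuites() does not copy the list.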
Syntax
#define MBEDTLS_REMOVE_3DES_CIPHERSUITES