Version 3 vs 4
Content Changes
This page describes plans for Mbed TLS 3.0 in some technical detail. The plans are discussed on the mailing list in a series of threads, and this page's goal is to summarize and consolidate the results in one place.
==== General goals ====
Target for release: CY20Q3.
1. Clean up the code by removing old things.
2. Improve existing APIs, behaviours, and defaults.
3. Reduce the surface of the public API
4. Prepare the migration to PSA Crypto
See [[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000019.html | this mailing-list thread ]] for details.
==== List of accepted changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on including them.
==== List of changes under discussion ====
This section will be populated as specific changes are discussed on the mailing list.
==== List of rejected changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on excluding them.
This page describes plans for Mbed TLS 3.0 in some technical detail. The plans are discussed on the mailing list in a series of threads, and this page's goal is to summarize and consolidate the results in one place.
==== General goals ====
Target for release: CY20Q3.
1. Clean up the code by removing old things.
2. Improve existing APIs, behaviours, and defaults.
3. Reduce the surface of the public API
4. Prepare the migration to PSA Crypto
See [[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000019.html | this mailing-list thread ]] for details.
==== List of accepted changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on including them.
==== List of changes under discussion ====
This section will be populated as specific changes are discussed on the mailing list.
====== Drop old TLS options from the code base entirely ======
[[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000022.html | Mailing-list thread. ]]
* Drop support for parsing SSLv2 ClientHello (`MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO`).
* Drop support for SSLv3 (`MBEDTLS_SSL_PROTO_SSL3`).
* Drop support for compatibility with our own previous buggy implementation of truncated HMAC (`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`).
* Drop support for TLS record-level compression (`MBEDTLS_ZLIB_SUPPORT`).
* Drop RC4 ciphersuites.
* Drop the single-DES ciphersuites.
* Drop support for SSL record hardware acceleration (`MBEDTLS_SSL_HW_RECORD_ACCEL`).
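One way to audit an existing configuration header for the options listed above, as an added example (not code from the Mbed TLS project). `SAMPLE_CONFIG` is constructed; the scan does not evaluate `#if` conditionals and covers only the items the list names by macro, so the RC4 and single-DES ciphersuites are not checked.

```python
import re

# Options the list above names by macro (descriptions taken from the page).
LEGACY_OPTIONS = {
    "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO": "SSLv2 ClientHello parsing",
    "MBEDTLS_SSL_PROTO_SSL3": "SSLv3",
    "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT": "buggy truncated-HMAC compatibility",
    "MBEDTLS_ZLIB_SUPPORT": "TLS record-level compression",
    "MBEDTLS_SSL_HW_RECORD_ACCEL": "SSL record hardware acceleration",
}

# Constructed sample input, not a real project configuration.
SAMPLE_CONFIG = """\
#define MBEDTLS_SSL_PROTO_TLS1_2
//#define MBEDTLS_SSL_PROTO_SSL3
#define MBEDTLS_ZLIB_SUPPORT
/* #define MBEDTLS_SSL_HW_RECORD_ACCEL
 */
#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
#undef MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
  #  define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
"""

DIRECTIVE_RE = re.compile(r"^\s*#\s*(define|undef)\s+(\w+)")


def strip_comments(text):
    """Blank out C comments while preserving line numbers."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)


def enabled_legacy_options(config_text):
    """Return {macro: line} for listed options still defined at end of file."""
    active = {}
    for lineno, line in enumerate(strip_comments(config_text).splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if not m or m.group(2) not in LEGACY_OPTIONS:
            continue
        if m.group(1) == "define":
            active[m.group(2)] = lineno
        else:  # a later #undef turns the option back off
            active.pop(m.group(2), None)
    return active


if __name__ == "__main__":
    for macro, lineno in enabled_legacy_options(SAMPLE_CONFIG).items():
        print(f"line {lineno}: {macro} ({LEGACY_OPTIONS[macro]}) is still enabled")
```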
==== List of rejected changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on excluding them.