Version 6 vs 7
Content Changes
This page describes plans for Mbed TLS 3.0 in some technical detail. The plans are discussed on the mailing list in a series of threads, and this page's goal is to summarize and consolidate the results in one place.
==== General goals ====
[[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000019.html | Mailing-list thread. ]] Target for release: CY20Q3.
1. Clean up the code by removing old things.
2. Improve existing APIs, behaviours, and defaults.
3. Reduce the surface of the public API.
4. Prepare the migration to PSA Crypto.
==== List of accepted changes ====
(This section is populated when specific changes have been discussed on the mailing list and a consensus is reached on including them.)
====== Drop old TLS options from the code base entirely ======
[[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000022.html | Mailing-list thread. ]]
* Drop support for parsing SSLv2 ClientHello (`MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO`).
* Drop support for SSLv3 (`MBEDTLS_SSL_PROTO_SSL3`).
* Drop support for compatibility with our own previous buggy implementation of truncated HMAC (`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`).
* Drop support for TLS record-level compression (`MBEDTLS_ZLIB_SUPPORT`).
* Drop RC4 ciphersuites.
* Drop the single-DES ciphersuites.
* Drop support for SSL record hardware acceleration (`MBEDTLS_SSL_HW_RECORD_ACCEL`).
==== List of changes under discussion ====
(This section is populated as specific changes are discussed on the mailing list.)
====== Drop some modules from the code base entirely ======
* Drop `pkcs11.c` ([[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html | m-l thread ]]).
* Drop `havege.c` ([[https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000025.html | m-l thread ]]).
* Drop `memory_buffer_alloc.c` ([[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000026.html | m-l thread ]]).
==== List of rejected changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on excluding them.
This page describes plans for Mbed TLS 3.0 in some technical detail. The plans are discussed on the mailing list in a series of threads, and this page's goal is to summarize and consolidate the results in one place.
==== General goals ====
[[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000019.html | Mailing-list thread. ]] Target for release: CY20Q3.
1. Clean up the code by removing old things.
2. Improve existing APIs, behaviours, and defaults.
3. Reduce the surface of the public API.
4. Prepare the migration to PSA Crypto.
==== List of accepted changes ====
(This section is populated when specific changes have been discussed on the mailing list and a consensus is reached on including them.)
====== Drop old TLS options from the code base entirely ======
[[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000022.html | Mailing-list thread. ]]
* Drop support for parsing SSLv2 ClientHello (`MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO`).
* Drop support for SSLv3 (`MBEDTLS_SSL_PROTO_SSL3`).
* Drop support for compatibility with our own previous buggy implementation of truncated HMAC (`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT`).
* Drop support for TLS record-level compression (`MBEDTLS_ZLIB_SUPPORT`).
* Drop RC4 ciphersuites.
* Drop the single-DES ciphersuites.
* Drop support for SSL record hardware acceleration (`MBEDTLS_SSL_HW_RECORD_ACCEL`).
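To check whether a build still depends on any option named in the list above, a configuration audit can be run before migrating. The script below is an added example, not part of the Mbed TLS project: the function names and the sample configuration are constructed for illustration, and it assumes options are disabled by commenting out the `#define` with `//` or by a later `#undef`.

```sh
#!/bin/sh
# Option macros copied from the list above (RC4 and single-DES suites are not
# tied to a macro on this page, so they are not checked here).
REMOVED_OPTIONS="MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_PROTO_SSL3 \
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT MBEDTLS_ZLIB_SUPPORT MBEDTLS_SSL_HW_RECORD_ACCEL"

# Print every listed option that is still enabled after reading the given
# config files in order (base config first, overrides after). The last
# #define/#undef seen for a macro wins. Lines commented out with // are
# ignored; /* ... */ block comments are not parsed.
enabled_removed_options() {
    awk -v opts="$REMOVED_OPTIONS" '
        BEGIN { n = split(opts, names, " ")
                for (i = 1; i <= n; i++) want[names[i]] = 1 }
        /^[ \t]*#[ \t]*(define|undef)[ \t]+/ {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            sub(/^[ \t]*#[ \t]*/, "", line)   # strip "#" and indentation
            split(line, f, /[ \t]+/)          # f[1] = directive, f[2] = macro
            if (f[2] in want) state[f[2]] = (f[1] == "define")
        }
        END { for (i = 1; i <= n; i++) if (state[names[i]]) print names[i] }
    ' "$@"
}

# Constructed sample configuration (hypothetical, for demonstration only).
write_sample_config() {
    cat > "$1" <<'EOF'
#define MBEDTLS_SSL_PROTO_TLS1_2
//#define MBEDTLS_SSL_PROTO_SSL3
#define MBEDTLS_ZLIB_SUPPORT
   #  define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
#define MBEDTLS_SSL_HW_RECORD_ACCEL
#undef MBEDTLS_SSL_HW_RECORD_ACCEL
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
enabled_removed_options "$sample"
rm -f "$sample"
```
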
====== Drop some modules from the code base entirely ======
* Drop `havege.c` - [[https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000025.html | m-l thread ]] - [[https://github.com/ARMmbed/mbedtls/issues/2599 | github issue]].
==== List of changes under discussion ====
(This section is populated as specific changes are discussed on the mailing list.)
====== Drop some modules from the code base entirely ======
* Drop `pkcs11.c` ([[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html | m-l thread ]]).
* Drop `memory_buffer_alloc.c` ([[ https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000026.html | m-l thread ]]).
==== List of rejected changes ====
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on excluding them.