This page describes plans for Mbed TLS 3.0 in some technical details. The plans are discussed on the mailing list in a series of threads, and this page's goal is to summarize and consolidate the results in one place.
Mailing-list thread. Target for release: CY20Q3.
- Clean up the code by removing old things.
- Improve existing APIs, behaviours, and defaults
- Reduce the surface of the public API
- Prepare the migration to PSA Crypto
(This section is populated when specific changes have been discussed on the mailing list and a consensus is reached on including them.)
- Drop support for parsing SSLv2 ClientHello (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
- Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
- Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
- Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
- Drop RC4 ciphersuites.
- Drop the single-DES ciphersuites.
- Support for SSL record hardware acceleration (MBEDTLS_SSL_HW_RECORD_ACCEL).
(This section is populated as specific changes are discussed on the mailing list.)
- Drop memory_buffer_alloc.c - m-l thread.
- Move certs.c out of the library - ml-thread.
- Move timing.c out of the library - ml-thread.
- Move net_sockets.c out of the library - ml-thread.
This section will be populated as specific changes are discussed on the mailing list and a consensus is reached on excluding them.