Document compile-time options that only apply to TLS 1.2 #9880
Labels
Comments
gilles-peskine-arm
added
component-tls
good-first-issue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Some compile-time options only apply to TLS 1.2 (since Mbed TLS 3.0) and not to TLS 1.3, but the documentation doesn't mention this. (This is because the documentation hasn't been updated since back before we had any support for TLS 1.3, and those options applied to older TLS versions as well.)
At least
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED, maybe others (I haven't checked). For the key exchange options, it's more or less implied by having a list of TLS ≤1.2 cipher suites, since TLS 1.3 has different cipher suite names. But it's not obvious to readers.The goal of this issue is to update the documentation of
MBEDTLS_KEY_EXCHANGE_xxx_ENABLEDand perhaps someMBEDTLS_SSL_xxxoptions to state that they only apply to TLS 1.2.The text was updated successfully, but these errors were encountered: