lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Editorial improvements

Browse Source 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
2021-06-07 12:00:04 +02:00
parent 3b5a7c198c
commit 13a9776676
2 changed files with 7 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog.d/issue4286.txt
View File

@ -2,13 +2,9 @@ Removals
* Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for
CBC record splitting, fallback SCSV, and the ability to configure CBC record splitting, fallback SCSV, and the ability to configure
ciphersuites per version, which are no longer relevant. This removes the ciphersuites per version, which are no longer relevant. This removes the
following public constants: MBEDTLS_SSL_PROTO_TLS1, configuration options MBEDTLS_SSL_PROTO_TLS1,
MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and
MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_CBC_RECORD_SPLITTING, MBEDTLS_SSL_FALLBACK_SCSV as well as the functions
MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED,
MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED,
MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE,
MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK; and functions:
mbedtls_ssl_conf_cbc_record_splitting(), mbedtls_ssl_conf_cbc_record_splitting(),
mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(), mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(),
mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286.

6
docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md
View File

@ -10,9 +10,9 @@ surface, even if the code is supposedly not used.
The migration path is to adopt the latest versions of the protocol. The migration path is to adopt the latest versions of the protocol.
As a consequence of removing 1.0, support for CBC record splitting was also As a consequence of removing TLS 1.0, support for CBC record splitting was
removed, as it was a work-around for a weakness in this particular version. also removed, as it was a work-around for a weakness in this particular
There is no migration path is no longer makes sense with newer versions. version. There is no migration path since the feature is no longer relevant.
As a consequence of currently supporting only one version of (D)TLS (and in the As a consequence of currently supporting only one version of (D)TLS (and in the
future 1.3 which will have a different version negociation mechanism), support future 1.3 which will have a different version negociation mechanism), support