From 72a0565e13942b6c2520bba6be95bb9b7d04093e Mon Sep 17 00:00:00 2001
From: Jerry Yu <jerry.h.yu@arm.com>
Date: Tue, 25 Jan 2022 14:36:30 +0800
Subject: [PATCH] docs: Add version support description

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
---
 docs/architecture/tls13-support.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index bef3a35660..f374e99cf8 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -120,7 +120,22 @@ MVP definition
   the three first ones in the list above are mandatory (see section 9.1 of the
   specification).
 
-- Supported versions: only TLS 1.3, version negotiation is not supported.
+- Supported versions:
+
+  - only TLS 1.3, version negotiation is not supported.
+
+  - TLS 1.3 and 1.2 can be disable/enable with build option. One of them MUST be
+    enabled. Supported build options:
+
+    | MBEDTLS_SSL_PROTO_TLS1_2 | MBEDTLS_SSL_PROTO_TLS1_3 |
+    | ------------------------ | ------------------------ |
+    | yes                      | no                       |
+    | no                       | yes                      |
+    | yes                      | yes                      |
+
+  - If both TLS 1.3 and TLS 1.2 are enabled, only one of them can be configured
+    enabled via `mbedtls_ssl_conf_{min,max}_version`. Otherwise, `mbedtls_ssl_setup`
+    will raise `MBEDTLS_ERR_SSL_BAD_CONFIG` error.
 
 - Compatibility with existing SSL/TLS build options: