From 9810b6d0b7b3240251324c69f6fc615e6b12d99b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 20 Oct 2022 14:22:45 +0200 Subject: [PATCH] Fix kex config options documentation in tls13-support.md Signed-off-by: Ronald Cron --- docs/architecture/tls13-support.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index 30185f4e1a..1c568d82cd 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -148,7 +148,12 @@ Support description - MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE enables the support for middlebox compatibility mode as defined in section D.4 of RFC 8446. - - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED enables the + - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED enables the support for + the PSK key exchange mode as defined by RFC 8446. If it is the only key + exchange mode enabled, the TLS 1.3 implementation does not contain any code + related to key exchange protocols, certificates and signatures. + + - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED enables the support of the ephemeral key exchange mode. If it is the only key exchange mode enabled, the TLS 1.3 implementation does not contain any code related to PSK based key exchange. The ephemeral key exchange mode requires at least @@ -157,16 +162,11 @@ Support description algorithm allowed by the TLS 1.3 specification for signature computing and verification. - - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED enables the support for - the PSK key exchange mode as defined by RFC 8446. If it is the only key + - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED enables the + support for the PSK ephemeral key exchange mode. If it is the only key exchange mode enabled, the TLS 1.3 implementation does not contain any code - related to key exchange protocols, certificates and signatures. - - - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED enables the support - for the PSK ephemeral key exchange mode. If it is the only key exchange - mode enabled, the TLS 1.3 implementation does not contain any code related to certificates and signatures. The PSK ephemeral key exchange - mode requirss at least one of the key exchange protocol allowed by the + mode requires at least one of the key exchange protocol allowed by the TLS 1.3 specification.