mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00

FFDH in TLS: it's only a limitation for TLS 1.2, not TLS 1.3

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Author: Gilles Peskine, 2024-12-04 18:04:55 +01:00
parent 42cb84fc4e
commit d78d695c46


@ -278,9 +278,11 @@ The same holds for the associated algorithm:
removing builtin support (i.e. `MBEDTLS_DHM_C`). removing builtin support (i.e. `MBEDTLS_DHM_C`).
Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer Mbed TLS legacy API supports custom groups. As a consequence, the TLS 1.2
of Mbed TLS only supports DHE cipher suites if built-in FFDH layer of Mbed TLS only supports DHE cipher suites if built-in FFDH
(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled. (`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
(The TLS 1.3 layer uses PSA, and this is not a limitation because the
protocol does not allow custom FFDH groups.)
RSA RSA
--- ---