lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Addition of migration guide and corrections to the ChangeLog file

Browse Source 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
TRodziewicz
2021-05-14 11:09:44 +02:00
parent 97e41723fa
commit d807060e0a
2 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md Normal file
View File

@ -0,0 +1,11 @@
Remove suport for TLS 1.0, 1.1 and DLTS 1.0
-------------------------------------------
This change affects users of the TLS 1.0, 1.1 and DTLS 1.0.
The versions of (D)TLS that are being removed are not as secure as the latest
versions. Keeping them in the library creates opportunities for misconfiguration
and possibly downgrade attacks. More generally, more code means a larger attack
surface, even if the code is supposedly not used.
The migration path is to adopt the latest versions of the protocol.