Hello,
I notice in 'crypto.h' of mbedTLS 3.6.3, PSA_CRYPTO_API_VERSION_MAJOR & PSA_CRYPTO_API_VERSION_MINOR show the version implemented as v1.0.
Per the github page of TF-PSA-Crypto (https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/development/README.md), the implementation is of v1.1. I verified that this mismatch between the README and crypto.h exists on the development branch of TF-PSA-Crypto as well.
What is the correct version implemented, as of mbedTLS 3.6.3?
Regards,
Kevin
Hi,
I'm trying to build the mbedtls v3.6.3 for an embedded 386 device. The
build is configured as `crypto_baremetal`. In the snippet below I use the
make build process with a GCC 11.2 cross toolchain that's installed in
`/opt/x-tools/i386-elf but the build process ends with an error:
```
(venv) dev [ /workspaces/mbedtls ]$ make
CC=/opt/x-tools/i386-elf/bin/i386-elf-gcc
AR=/opt/x-tools/i386-elf/bin/i386-elf-ar
make[1]: Entering directory '/workspaces/mbedtls/library'
CC aes.c
CC aesni.c
CC aesce.c
...
CC src/certs.c
CC src/psa_test_wrappers.c
CC src/test_helpers/ssl_helpers.c
make[1]: Leaving directory '/workspaces/mbedtls/tests'
make[1]: Entering directory '/workspaces/mbedtls/programs'
CC aes/crypt_and_hash.c
/opt/x-tools/i386-elf/lib/gcc/i386-elf/11.2.0/../../../../i386-elf/bin/ld:
cannot find crt0.o: No such file or directory
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:160: aes/crypt_and_hash] Error 1
make[1]: Leaving directory '/workspaces/mbedtls/programs'
make: *** [Makefile:34: programs] Error 2
(venv) dev [ /workspaces/mbedtls ]$
```
So I have two questions:
This error says it fails to link find crt0.o but the output
(library/libmbedcrypto.a) exists and looks ok (altho I've yet to try
linking against it). Is the error message spurious or is the library it
produced unusable?
Do I really need a version of crt0.o to link successfully? (The same
configuration builds with no errors using the host's x64 compiler toolchain
- and that toolchain also doesn't have a crt0.o file).
Thanks in advance!
Hi,
I'm the main developer of Leshan Library. This is a Java open source
implementation of LWM2M protocol hosted at Eclipse Foundation.
We currently use Scandium (from Californium Project) as DTLS library.
This library fits our needs until now but we have some concerns about
future-proofness of it (Especially, there is no plan for DTLS 1.3) and
there is no support of TLS.
So we explore some other way for the future.
I had consider to use OpenJdk but there is a lot of missing IoT
Features. I contact OpenJdk security dev and they makes me understand
politely that IoT is not the priority (at least this is my understanding)
Another solution we explore would be to use an mbedtls Java binding.
(as mbedtls is well supported and focus IoT)
There is a not official one at :
https://github.com/open-coap/kotlin-mbedtls
*Questions :
*
1. Is there any official java binding ?
2. If no, is there any plan for that kind of binding ?
3. If no, if there is a community initiative could it be hosted by you ?
Thx,
Simon
MBed-TLS Technical Forum - Asia
Every 4 weeks from 10am to 10:50am on Monday
United Kingdom Time
Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic:
MBed-TLS Technical Forum - AsiaTime: Jun 16, 2025 10:00 AM London
Every 4 weeks on Mon, 39 occurrence(s)Please download and import the
following iCalendar (.ics) files to your calendar system.Weekly:
https://linaro-org.zoom.us/meeting/tJMqcuGuqDotGtIbACm498ytl0ZhydWKdu1b/ics…
Zoom
Meetinghttps://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI.1Meeting
ID: 977 5866 1706Passcode: 577208---One tap
mobile+16892781000,,97758661706# US+17193594580,,97758661706# US---Dial by
your location• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US•
+1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224
1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799
US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US•
+1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1
669 444 9171 US• +1 669 900 9128 US (San Jose)• 833 548 0282 US Toll-free•
833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US
Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-free• 833 548
0276 US Toll-freeMeeting ID: 977 5866 1706Find your local number:
https://linaro-org.zoom.us/u/acdtApJNbc
Guests
mbed-tls(a)lists.trustedfirmware.org
psa-crypto(a)lists.trustedfirmware.org
View all guest info
https://calendar.google.com/calendar/event?action=VIEW&eid=NjI4c3NnYjFoZHRh…
Reply for mbed-tls(a)lists.trustedfirmware.org and view more details
https://calendar.google.com/calendar/event?action=VIEW&eid=NjI4c3NnYjFoZHRh…
Your attendance is optional.
~~//~~
Invitation from Google Calendar: https://calendar.google.com/calendar/
You are receiving this email because you are an attendee on the event.
Forwarding this invitation could allow any recipient to send a response to
the organizer, be added to the guest list, invite others regardless of
their own invitation status, or modify your RSVP.
Learn more https://support.google.com/calendar/answer/37135#forwarding
Hi all,
I am writing in behalf of Security Pattern, a security firm specialized
in embedded systems.
We are a member of the QUBIP European Funded Project (https://qubip.eu),
which aims at transitioning protocols, networks, and systems to Post
Quantum algorithms.
As a result of the project, we have integrated a set of Post Quantum
algorithms in the TLS1.3 stack of the MbedTLS code (see here
https://github.com/QUBIP/pq-mqtt-client-mbedtls).
We have code running on STM32 Nucleo board in two versions:
the former is a full software, by leveraging the crypto primitives
provided in a library developed by another partner, the latter using a
Secure Element emulated by FPGA connected via I2C (also developed by
another partner of QUBIP).
Our main work has beed dedicated to integrating the new hybrid KEM and
signatures (MLKEM768-x25519 and MLDSA44-Ed25519) into the TLS stack, in
order to demonstrate communication with an MQTT broker running OpenSSL.
At the current stage we are about to publish the code on github with MIT
license (here https://github.com/QUBIP/pq-mqtt-client-mbedtls).
Meanwhile, we think the effort we made could be of help for MBedTLS
development/developers. So I would like to ask if you can address me to
some contact that is responsible in MbedTLS or ARM about the PQC
transition or the best way to facilitate the use/integration of our work.
Best Regards,
Alberto
--
Security Pattern <https://www.securitypattern.com/>
Alberto Battistello
Senior Security Engineer
M. +39 333 3239810
Via G. Boccaccio, 58 | 25080 Mazzano (BS) | Italy | P.I. 03943650980
www.securitypattern.com
<https://www.securitypattern.com/?utm_source=newsletter&utm_medium=email&utm…>
| Follow Linkedin <https://www.linkedin.com/company/securitypattern/> |
We value your privacy
<https://www.iubenda.com/privacy-policy/40319464/legal>
Hi all,
We have encountered a challenge while using mbedTLS 3.5.1 and would greatly appreciate the assistance of the experts. Thank you in advance for your support.
I used mbedTLS 3.5.1 to connect to the server acc.connect.cpms.milence.com, and the TLS handshake failed with an Alert (Level: Fatal, Description: Protocol Version) error. Detailed information is described at this GitHub issue<https://github.com/Mbed-TLS/mbedtls/issues/10141>.
* We attempted to connect with the Windows EDGE browser and found through packet capture that the handshake was successful.
* We were also able to successfully handshake using TLS 1.2.
* When we limited the supported group to only: MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 and used TLS 1.3, the handshake was also successful.
For more details, please refer to the discussion on GitHub: Handshake fail with "Alert (Level: Fatal, Description: Protocol Version)" ・ Issue #10141 ・ Mbed-TLS/mbedtls<https://github.com/Mbed-TLS/mbedtls/issues/10141>.
Best Regards,
Fu Baicheng
Dear Mbed TLS users,
We have released Mbed TLS versions 3.6.3 and 2.28.10. These releases provide bugfixes, security fixes and minor improvements.
This release of Mbed TLS provides the fix for the TLS compatibility issue of handling fragmented handshake messages. This release includes fixes for security issues.
Full details are available in the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks,
Minos Galanakis
Mbed TLS developer
Dear Mbed TLS users,
We have released Mbed TLS versions 3.6.3 and 2.28.10. These releases provide bugfixes, security fixes and minor improvements.
This release of Mbed TLS provides the fix for the TLS compatibility issue of handling fragmented handshake messages. This release includes fixes for security issues.
Full details are available in the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks,
Minos Galanakis
Mbed TLS developer
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org