This is a bit of input from a non TLS expert. Well, I know what it does but the LWIP-TLS implementation in the project I have been working on for the past few years was done by someone else.
It still uses TLS 2.16.2 and there are no plans to change this because a) it is a lot of work b) it has been extensively tested c) an IoT box cannot be on an open port anyway so this will only ever be a client sitting behind NAT or some such.
Upgrading to later TLS was discussed and it will be done if we have a customer who demands it :)
But there is a gotcha with just saying (as all the crypto experts on the internet like to say) that algorithm X is now insecure, deprecated, so remove support for it. It is the sort of thing which Google like to do but they get away with it because they own the world.
So you do that, save perhaps 10k of FLASH (on a CPU which has 1MB), but then you find that some certificates in cacert.pem are really old (maybe 20 years?) and are signed with a hash which was, ahem, deprecated, is "insecure", and your box now will not connect to that server anymore. It takes a fair bit of work to find out why it doesn't connect!
And I am talking about some big-name websites.
And since this is not exactly a rare thing, and since MbedTLS is a bastard to debug when in some embedded box, I have a win32 executable version of it (done by the same guy; took him a week or so) which outputs decent diagnostics. Without such a tool, MbedTLS is asking to be a customer support nightmare; these issues are inherently complex.
It does look like one can safely drop DES and 3DES nowadays (based on my enquiries, but that means very little) but do you feel lucky? There is no way to be sure. If you control both ends then you *know* you aren't using DES but then if you control both ends you probably don't need latest TLS because the attack surface is way smaller ;)
Peter (a coder in asm and C since 1980, Z80 all the way to 32F417)
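An added illustration of the cacert.pem point in the message above (not part of the original post and not Mbed TLS code): a stdlib-only audit that reads the outer signatureAlgorithm of every certificate in a PEM bundle and marks those that depend on a hash you plan to compile out. The OID table is a subset, the `dropped` default is an assumed removal list, and `sample_pem` builds constructed skeletons rather than real certificates.

```python
import base64, re

# signatureAlgorithm OID (DER content bytes, hex) -> (name, hash it depends on)
SIG_OIDS = {
    "2a864886f70d010104": ("md5WithRSAEncryption", "MD5"),
    "2a864886f70d010105": ("sha1WithRSAEncryption", "SHA-1"),
    "2a864886f70d01010b": ("sha256WithRSAEncryption", "SHA-256"),
    "2a864886f70d01010c": ("sha384WithRSAEncryption", "SHA-384"),
    "2a8648ce3d0401": ("ecdsa-with-SHA1", "SHA-1"),
    "2a8648ce3d040302": ("ecdsa-with-SHA256", "SHA-256"),
    "2a8648ce3d040303": ("ecdsa-with-SHA384", "SHA-384"),
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }"""
    _, body, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, body)             # skip tbsCertificate
    alg_tag, alg_body, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier
    oid_tag, oid_start, oid_end = read_tlv(der, alg_body)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate")
    return der[oid_start:oid_end].hex()

def audit_bundle(pem_text, dropped=("MD5", "SHA-1")):
    """List (index, algorithm, hash, affected) for each certificate in a PEM bundle."""
    rows = []
    for i, m in enumerate(PEM_RE.finditer(pem_text)):
        oid = signature_oid(base64.b64decode(m.group(1)))
        name, md = SIG_OIDS.get(oid, ("unknown OID " + oid, "?"))
        rows.append((i, name, md, md in dropped))
    return rows

def sample_pem(oid_hex):
    """Constructed skeleton (not a real certificate): only the fields parsed above."""
    tlv = lambda tag, content: bytes([tag, len(content)]) + content
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = tlv(0x30, tlv(0x30, b"\x02\x01\x01") + alg + tlv(0x03, b"\x00\xaa"))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"
```

Pass the text of the real cacert.pem to `audit_bundle` and review the rows whose last field is `True` before removing the corresponding hash from the build.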
Hi Prakash,
Good question. No, 3.6.0 does not have all the features that are in 2.28.8 - however it should have all the features of 2.28.8 that are still relevant today.
As indicated by the major version being different, incompatible API changes have been made in 3.0.0. Among them was the removal of a number of features considered obsolete or unadvisable to use at the time. For example, support for SSL 3.0, TLS 1.0 and 1.1 was removed at that time. For a complete list, see "API Changes" under "Mbed TLS 3.0.0" in our ChangeLog: https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog#L1455
After that, there were only compatible changes between 3.0.0 and 3.6.0, in particular no feature removal. So, the only features that are in 2.28.8 and not in 3.6.0 are those documented in the entry for 3.0.0.
Note that on the other hand, 3.6.0 has a lot of features that are not in 2.28.8. For example, 3.6.0 has support for TLS 1.3. For a complete list, see all the "Features" sections for all the versions from 3.0.0 to 3.6.0 in the ChangeLog.
Now, for most people I'd strongly recommend using 3.6.0 for new development. The only reasons I could see for using 2.28.x today are:
1. If you have an existing code base using 2.28.x and now is not a convenient time to move to a new major version. (But please note that 2.28.x will not be maintained after the end of 2024, so you'll have to migrate at some point before that.)
2. If you happen to need one of the features that was removed in 3.0.0. That should be a very rare occurrence as 3.x is supposed to support everything that's still relevant. So, if you find yourself in this situation, please let us know.
TL;DR: most people should use 3.6.0.
Hope this helps, Manuel.
From: Satya Prakash Prasad via mbed-tls mbed-tls@lists.trustedfirmware.org
Sent: 29 March 2024 03:51
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Re: [Mbed-tls-announce] Latest Release of Mbed TLS
Hi,
Many thanks for the updates and information as provided. Please let us know the difference between 3.6.0 and 2.28.8 release.
Are all the features of 2.28.8 available in 3.6.0? Please advise which version to use based on functionality.
Regards, Prakash
On Thu, Mar 28, 2024 at 9:12 PM Minos Galanakis via Mbed-tls-announce via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote:
Hi Mbed TLS users,
We have released Mbed TLS versions 3.6.0 LTS and 2.28.8.
These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0, https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8).
We recommend all users to consider whether they are impacted, and to upgrade appropriately.