Hi Michael,

Mbed TLS 2.25 has many known bugs, including security vulnerabilities. You can find them listed in the changelog at https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-2.28/ChangeLog

Those bugs are fixed in the backward-compatible branch mbedtls-2.28, which is still receiving patches for now. However, the end-of-life of this branch is this month. (I expect we'll make one last release with bug fixes that we haven't released yet.) So it's not worth upgrading to 2.28 at this point, and you should move directly to mbedtls-3.6 (long-time support branch maintained until at least March 2027).

You can find a guide to the incompatible changes between Mbed TLS 2.x and 3.x at https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/3.0-migration-guide.md . In addition, the Mbed TLS 3.6 branch is the last one that has mbedtls_xxx legacy APIs for cryptography: starting with Mbed TLS 4.0, only PSA APIs will be available for cryptography. In 3.6, both APIs are present. So if you're going to do a nontrivial migration, you might as well migrate to something that can then work in 4.x. You can find a guide to migrating to PSA crypto APIs in https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-transition.md

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 03/12/2024 16:45, Michael Khoyilar via mbed-tls wrote:

Hi Team

I am investigating the move from MbedTLS 2.25 to 3.6, however, our client uses the 2.25 currently (looks like they prefer to stay with it) and I need to provide convincing proof to move to 3.6 considering the upgrade issues that might arise. Any suggestions here that is convincing proof to do the migration to 3.6? I would appreciate your comments. Thanks

 

Michael