Hi Maren,
The TLS 1.3 specification defines only 3 ECDSA algorithms: ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512; we only support these in Mbed TLS. Unfortunately,
there are no config options that would make Brainpool curves work with TLS 1.3.
I am sorry, but at the moment we don’t have any plans about adding Brainpool curve support for TLS 1.3.
Best regards,
Janos
From: Maren Konrad via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Tuesday, 12 November 2024 at 11:51
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] TLS 1.3 and brainpool curves
Dear MbedTLS maintainers,
we are already using MBedTLS, however, we recently enabled TLS 1.3 and
found that our certificates don't work anymore, because they are
brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the
question would be, if I missed any configuration to enable the usage of
brainpool curves (which are working for TLS 1.2) or if there are any
plans, that these are getting supported by MBedTLS 3.6.x?
Best regards,
Maren Konrad