I have been looking around for a answer to how long the LTS branches are supported? are we talking 2-3 years or more? 2.28 lived for ~3years, and had an EOL date defined on release, 3.6.0 does not have a defined EOL-date on github?
the happy path scenario is that the 3.6 branch is supported at-least until a LTS is released on 4.x-series, no matter if that takes 3, 5 or 10 years to get there, but that information would be a nice to have for planning ahead.
thanks in advance. /Björn
On Mon, Apr 29, 2024 at 4:46 PM Nathan Sircombe via mbed-tls < mbed-tls@lists.trustedfirmware.org> wrote:
Dear Mbed TLS users,
We recently announced the release of Mbed TLS 3.6.0, starting the 3.6 long-term support branch. We intend for this to be the last 3.x feature release. Mbed TLS 3.6.x will as usual receive bug fixes (including security improvements), but no new features. This will allow the Mbed TLS team to focus on preparing the next major release, Mbed TLS 4.0, planned for 2025 (expect further updates when the timeline becomes more precise).
The main focus of Mbed TLS 4.0 is to complete the migration to PSA crypto APIs. This means that most mbedtls_xxx cryptography APIs will be removed. We expect mbedtls_x509 and mbedtls_ssl to change in relatively minor, but sometimes incompatible ways. Alongside this technical change, the crypto APIs will be published as a separate product, TF-PSA-Crypto https://github.com/Mbed-TLS/TF-PSA-Crypto (very early preview so far), while the X.509 and TLS libraries will continue to be called Mbed TLS.
The work on 4.0 will happen on the development branch in the mbedtls repository, so you can expect more instability than usual on that branch. The mbedtls-3.6 https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6 branch is available if you want the latest patches on Mbed TLS 3.6 LTS.
As usual, you can see our high-level plans in the roadmap https://mbed-tls.readthedocs.io/en/latest/project/roadmap/, and in more detail on GitHub https://github.com/Mbed-TLS/mbedtls/issues. Look for issues labeled api-break https://github.com/Mbed-TLS/mbedtls/issues?q=is%3Aissue+is%3Aopen+label%3Aapi-break (note that we haven't filed issues on all topics yet).
We will launch some consultations on the mbed-tls mailing list https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirmware.org/ soon, to gather community input on some topics.
Many Thanks,
Nathan Sircombe
(On behalf of the Mbed TLS development team)
mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org