Hi Prakash,

Good question. No, 3.6.0 does not have all the features that are in 2.28.8 - however it should have all the features of 2.28.8 that are still relevant today.

As indicated by the major version being different, incompatible API changes have been made in 3.0.0. Among them was the removal of a number of features considered obsolete or unadvisable to use at the time. For example, support for SSL 3.0, TLS 1.0 and 1.1 was removed at that time. For a complete list, see "API Changes" under "Mbed TLS 3.0.0" in our ChangeLog:https://github.com/Mbed-TLS/mbedtls/blob/development/ChangeLog#L1455

After that, there were only compatible changes between 3.0.0 and 3.6.0 in particular no feature removal. So, the only features that are in 2.28.8 and not in 3.6.0 are those documented in the entry for 3.0.0.

Note that on the other hand, 3.6.0 has a lot of features that are not in 2.28.8. For example, 3.6.0 has support for TLS 1.3. For a complete list, see all the "Features" sections for all the versions from 3.0.0 to 3.6.0 in the ChangeLog.

Now, for most people I'd strongly recommend using 3.6.0 for new development. The only reasons I could see for using 2.28.x today are:
  1. If you have an existing code base using 2.28.x and now is not a convenient time to move to a new major version. (But please note that 2.28.x will not be maintained after the end of 2024, so you'll have to migrate at some point before that.)
  2. If you happen to need one of the features that was removed in 3.0.0. That should be a very rare occurrence as 3.x is supposed to support everything that's still relevant. So, if you find yourself in this situation, please let us know.

TL;DR: most people should use 3.6.0.

Hope this helps,
Manuel.


From: Satya Prakash Prasad via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 29 March 2024 03:51
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Re: [Mbed-tls-announce] Latest Release of Mbed TLS
 
Hi,

Many thanks for the updates and information as provided. Please let us know the difference between 3.6.0 and 2.28.8 release.

Are all the features of 2.28.8.available in 3.6.0? Please advise which version to use based on functionality.

Regards,
Prakash

On Thu, Mar 28, 2024 at 9:12 PM Minos Galanakis via Mbed-tls-announce via mbed-tls <mbed-tls@lists.trustedfirmware.org> wrote:
Hi Mbed TLS users,

We have released Mbed TLS versions 3.6.0 LTS and 2.28.8.

These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0, https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8).

We recommend all users to consider whether they are impacted, and to upgrade appropriately.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
Mbed-tls-announce mailing list -- mbed-tls-announce@lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-announce-leave@lists.trustedfirmware.org
--
mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org
To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org