My take on this is that there is no value in "support", for an embedded product software module. MbedTLS is free, with no commercial obligations, so nobody is going to fix anything for you.
My plan, running V2.16.2, is to run this for ever. It runs just fine, with LWIP 2.0.3 which also runs just fine. Security fixes are not really relevant in the embedded sphere because in nearly all cases there is no mechanism for deploying new firmware (and doing so remotely would itself be a huge security risk, unless tied down with certificates etc, but certificates have zero value if there is physical access, unless one is using some tamper-proof smartcard module), and since without physical security there is no security at all... you are back to zero :)
IOT products should never be run on an open port. Most of them are clients which call up a private server, for a) this reason and b) to create a long term revenue stream.
If anyone is willing to debate this, I would be seriously interested, but on past occassions everyone stayed very quiet :)
Peter
Hello everyone,
We are currently using the mbedTLS version 2.16.12 in our firmware and we are planning an update to a newer branch. I would like to know, how long the different 3.x branches will be supported.
Is there any fix roadmap, how long an mbedTLS branch must be supported and maintained after its first release? I could only find this information for the 2.28 branch (support until end of 2024).
Thank you for any help you can offer.
Best regards Maher Azarkan
Hilscher Gesellschaft f?r Systemautomation mbH Rheinstra?e 15 / D-65795 Hattersheim / Germany
Sitz der Gesellschaft / place of business: Hattersheim | Gesch?ftsf?hrer / managing director: Sebastian Hilscher, Hans-J?rgen Hilscher Handelsregister / commercial register: Frankfurt B 26873 | Ust. Idnr. / VAT No.: DE113852715 Registergericht / register court: Amtsgericht Frankfurt/Main
Important Information: This e-mail message including its attachments contains confidential and legally protected information solely intended for the addressee. If you are not the intended addressee of this message, please contact the addresser immediately and delete this message including its attachments. The unauthorized dissemination, copying and change of this e-mail are strictly forbidden. The addresser shall not be liable for the content of such changed e-mails.
Wichtiger Hinweis: Diese E-Mail einschlie?lich ihrer Anh?nge enth?lt vertrauliche und rechtlich gesch?tzte Informationen, die nur f?r den Adressaten bestimmt sind. Sollten Sie nicht der bezeichnete Adressat sein, so teilen Sie dies bitte dem Absender umgehend mit und l?schen Sie diese Nachricht und ihre Anh?nge. Die unbefugte Weitergabe, das Anfertigen von Kopien und jede Ver?nderung der E-Mail ist untersagt. Der Absender haftet nicht f?r Inhalte von ver?nderten E-Mails.