Hello,
Mbed TLS 3.6.0 was the first release to enable TLS 1.3 support by default. Unfortunately, this breaks many applications that open a TLS connection with default settings, which are now negotiating TLS 1.3 instead of TLS 1.2, but hit a difference in how Mbed TLS 3.6.0 implements the two versions of the protocol.
The most common symptom is: you are using the default configuration (or something close), and your application fails in the handshake with an internal error whenever it negotiates TLS 1.3. To resolve this, call psa_crypto_init() before starting a TLS handshake.
For a list of other known issues, please see https://github.com/Mbed-TLS/mbedtls/issues/9223
If you are encountering a problem due to the enablement of TLS 1.3 that is not listed on that page, please let us know by opening an issue on GitHub.
If no workaround or patch is available for your problem yet, you can disable TLS 1.3 by calling mbedtls_ssl_conf_max_tls_version(ssl_config, MBEDTLS_SSL_VERSION_TLS1_2) before mbedtls_ssl_setup().
We are planning to fix all the issues listed on that page before the 3.6.1 patch release. We do not yet have a date for the 3.6.1 release.
Best regards,
Hello, we are planning to do the 3.6.1 patch release by the 30th of August. This release will address the TLS 1.3 issues discussed below along with other security and non-security issues (see https://github.com/orgs/Mbed-TLS/projects/1#column-19883226 for more information).
Best regards, Ronald Cron.
-----Original Message----- From: Gilles Peskine via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: Thursday, June 20, 2024 3:43 PM To: mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] TLS 1.3 failures in Mbed TLS 3.6.0
Hello,
Mbed TLS 3.6.0 was the first release to enable TLS 1.3 support by default. Unfortunately, this breaks many applications that open a TLS connection with default settings, which are now negotiating TLS 1.3 instead of TLS 1.2, but hit a difference in how Mbed TLS 3.6.0 implements the two versions of the protocol.
The most common symptom is: you are using the default configuration (or something close), and your application fails in the handshake with an internal error whenever it negotiates TLS 1.3. To resolve this, call psa_crypto_init() before starting a TLS handshake.
For a list of other known issues, please see https://github.com/Mbed-TLS/mbedtls/issues/9223
If you are encountering a problem due to the enablement of TLS 1.3 that is not listed on that page, please let us know by opening an issue on GitHub.
If no workaround or patch is available for your problem yet, you can disable TLS 1.3 by calling mbedtls_ssl_conf_max_tls_version(ssl_config, MBEDTLS_SSL_VERSION_TLS1_2) before mbedtls_ssl_setup().
We are planning to fix all the issues listed on that page before the 3.6.1 patch release. We do not yet have a date for the 3.6.1 release.
Best regards,
-- Gilles Peskine Mbed TLS developer -- mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Ronald Cron