I may need TLS 1.3 support which I believe arrived in 2.28, or maybe a bit later.
I don't want to change to TLS 3 just yet. It looks like many changes.
My target is "OK" on FLASH (150k of the 350k total code size) but is tight on RAM (after allocating 50k for the MbedTLS heap, we have just 20k RAM left).
Ideally I would like the very last version of v2.
The problem just found is that Cloudflare is asking for TLS 1.3 which MbedTLS 2.16 does not support. But it may be that Cloudflare can fall back and the problem is elsewhere.
Many thanks for any input.
For TLS 1.3, you need at least Mbed TLS 3.1. We'd started work on TLS 1.3 before the 2.28 release, but that release does not yet have a usable subset of the protocol (it only has part of the handshake). Please consult https://github.com/Mbed-TLS/mbedtls/blob/development/docs/architecture/tls13... or that file in a given release to see what TLS 1.3 features are supported.
The TLS 1.3 code depends on the PSA cryptography subsystem. I'm afraid this currently has a little RAM overhead, compared to the legacy cryptography API. So far we've mostly focused on code size optimization, not on RAM optimization, and even for code size there is some overhead due to the ongoing API transition. The RAM overhead is only a few hundreds of bytes, however. Set MBEDTLS_PSA_KEY_SLOT_COUNT to the minimum value that works for you to reduce the RAM overhead.
If your chip has hardware acceleration, using PSA with an accelerator driver can improve performance and code size and RAM usage for asymmetric cryptography (which is the part that uses the most RAM), compared to the legacy API.