mbedtls 3.x is incompatible with mbedtls 2.x so the transition of all the packages using mbedtls will take a long time. However, from my understanding, it is not possible to install both versions side by side as a lot of headers are common to both versions and installed in include/mbedtls.
This fact is raising concern on buildroot side, see: https://patchwork.ozlabs.org/project/buildroot/patch/20211228153345.4087026-...
Can you confirm that a side-by-side installation of both mbedtls versions is not possible and/or can you share some inputs on this topic?
It is not possible to link both Mbed TLS 2.x and Mbed TLS 3.x in the same program since they use the same symbol names, but not always with the same semantics. (Although I think it's actually possible if your linker is flexible enough, by renaming or hiding symbols at the right build stage(s). This may not work with all drivers/ALT implementations, but it should work with Mbed TLS itself.)
If you want to be able to do development for both Mbed TLS 2.x and Mbed TLS 3.x on the same systems, you need to install the header files and the libraries under different paths. At most one can be in the default include and lib directories. Since each program can only use one version, you need to pick the desired -I/-L paths at compile/link times.
It is possible to have programs using Mbed TLS 2.x and programs using Mbed TLS 3.x installed on the same system, and this should be seamless. The two versions declare different SONAMEs.
It's not clear to me what the problem is with buildroot. Can't different packages have different CFLAGS/LDFLAGS?