Dear MbedTLS maintainers,
we are already using MBedTLS, however, we recently enabled TLS 1.3 and found that our certificates don't work anymore, because they are brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the question would be, if I missed any configuration to enable the usage of brainpool curves (which are working for TLS 1.2) or if there are any plans, that these are getting supported by MBedTLS 3.6.x?
Best regards,
Maren Konrad
Hi Maren,
The TLS 1.3 specification defines only 3 ECDSA algorithms: ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384 and ecdsa_secp521_sha512. We only support these in Mbed TLS. Unfortunately, there are no config options that would make Brainpool curves work with TLS 1.3.
I am sorry, but at the moment we don’t have any plans about adding Brainpool curve support for TLS 1.3.
Best regards, Janos
From: Maren Konrad via mbed-tls mbed-tls@lists.trustedfirmware.org
Date: Tuesday, 12 November 2024 at 11:51
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] TLS 1.3 and brainpool curves
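A pre-deployment check for the situation in this thread, as an added example that is not part of the original messages and is not Mbed TLS code: it reads the named-curve OID from an EC SubjectPublicKeyInfo and reports the RFC 8446 ECDSA signature scheme for it, or `None` when the curve is not one of the three the reply lists. The function names and the two sample keys (all-zero placeholder points) are constructed for illustration.

```python
# Added example. Minimal DER reader (definite lengths only), standard library only.
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
# Curve OID -> the TLS 1.3 ECDSA signature scheme RFC 8446 defines for it.
TLS13_ECDSA = {
    "1.2.840.10045.3.1.7": "ecdsa_secp256r1_sha256",
    "1.3.132.0.34": "ecdsa_secp384r1_sha384",
    "1.3.132.0.35": "ecdsa_secp521r1_sha512",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted-decimal form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def tls13_scheme_for_spki(spki):
    """Return the RFC 8446 ECDSA scheme for an EC SubjectPublicKeyInfo, or None."""
    tag, body, _ = read_tlv(spki)
    alg_tag, alg, _ = read_tlv(body)
    if tag != 0x30 or alg_tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    t1, alg_oid, nxt = read_tlv(alg)
    t2, curve_oid, _ = read_tlv(alg, nxt)
    if (t1, t2) != (0x06, 0x06) or decode_oid(alg_oid) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an EC key with a named curve")
    return TLS13_ECDSA.get(decode_oid(curve_oid))

def sample_spki(curve_oid_der):
    """Constructed test input: EC SPKI with an all-zero placeholder point."""
    alg = bytes.fromhex("06072a8648ce3d0201") + curve_oid_der
    point = b"\x03\x42\x00\x04" + bytes(64)
    return bytes([0x30, len(alg) + 2 + len(point), 0x30, len(alg)]) + alg + point

BRAINPOOL_P256R1 = sample_spki(bytes.fromhex("06092b2403030208010107"))
SECP256R1 = sample_spki(bytes.fromhex("06082a8648ce3d030107"))
```

A `None` result for a certificate key means the handshake would have to stay on TLS 1.2 or the certificate be reissued on one of the three listed curves.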