Skip to content

Commit

Permalink
docs: update mbedtls guide for TLS 1.3 supported change
Browse files Browse the repository at this point in the history
  • Loading branch information
mahavirj committed Oct 3, 2024
1 parent 1e0df27 commit e8dc634
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 16 deletions.
12 changes: 4 additions & 8 deletions docs/en/api-reference/protocols/mbedtls.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Mbed TLS

ESP-IDF uses a `fork <https://github.com/espressif/mbedtls>`_ of Mbed TLS which includes a few patches (related to hardware routines of certain modules like ``bignum (MPI)`` and ``ECC``) over vanilla Mbed TLS.

Mbed TLS supports SSL 3.0 up to TLS 1.3 and DTLS 1.0 to 1.2 communication by providing the following:
Mbed TLS supports TLS 1.2, TLS 1.3 and DTLS 1.2 communication by providing the following:

- TCP/IP communication functions: listen, connect, accept, read/write.
- SSL/TLS communication functions: init, handshake, read/write.
Expand All @@ -18,8 +18,9 @@ Mbed TLS supports SSL 3.0 up to TLS 1.3 and DTLS 1.0 to 1.2 communication by pro
- Hashing
- Encryption/decryption

Supported TLS versions include SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, but on the latest ESP-IDF, SSL 3.0, TLS 1.0, and TLS 1.1 have been removed from Mbed TLS. Supported DTLS versions include DTLS 1.0, DTLS 1.1, and DTLS 1.2, but on the latest ESP-IDF, DTLS 1.0 has been removed from Mbed TLS.
.. note::

Mbed TLS v3.x.x series supports only TLS 1.2 and TLS 1.3 protocols. Support for SSL 3.0, TLS 1.0/1.1 and DTLS 1.0 has been removed (deprecated). TLS 1.3 is fully supported starting Mbed TLS v3.6.0 release, before this release some features were still in experimental state. Please refer to :component_file:`Mbed TLS ChangeLog <mbedtls/mbedtls/ChangeLog>` for more details.

Mbed TLS Documentation
----------------------
Expand Down Expand Up @@ -73,11 +74,6 @@ Following is a brief list of important config options accessible at ``Component
:SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration
:SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration

.. note::

Mbed TLS v3.6.0 and later support only TLS 1.2 and TLS 1.3 (SSL 3.0, TLS 1.0, TLS 1.1, and DTLS 1.0 are not supported). More information about this can be found out `here <https://github.com/espressif/mbedtls/blob/9bb5effc3298265f829878825d9bd38478e67514/docs/architecture/tls13-support.md>`__.


Performance and Memory Tweaks
-----------------------------

Expand Down Expand Up @@ -122,5 +118,5 @@ Reducing Binary Size
Under ``Component Config -> mbedTLS``, there are multiple Mbed TLS features which are enabled by default but can be disabled if not needed to save code size. More information can be about this can be found in :ref:`Minimizing Binary Size <minimizing_binary_mbedtls>` docs.


.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.4.1/
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.1/
.. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/
12 changes: 4 additions & 8 deletions docs/zh_CN/api-reference/protocols/mbedtls.rst
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Mbed TLS

ESP-IDF 使用的 Mbed TLS `复刻仓库 <https://github.com/espressif/mbedtls>`_ 中包含对原生 Mbed TLS 的补丁。这些补丁与某些模块的硬件例程有关,如 ``bignum (MPI)`` 和 ``ECC``。

Mbed TLS 提供以下功能
Mbed TLS 通过提供以下内容支持 TLS 1.2、TLS 1.3 和 DTLS 1.2 通信

- TCP/IP 通信功能:监听、连接、接收、读/写。
- SSL/TLS 通信功能:初始化、握手、读/写。
Expand All @@ -18,8 +18,9 @@ Mbed TLS 提供以下功能:
- 哈希
- 加密/解密

TLS 版本支持 SSL 3.0, TLS 1.0、TLS 1.1、TLS 1.2 和 TLS 1.3,但是最新的 ESP-IDF 上 Mbed TLS 已经移除了 SSL 3.0、TLS 1.0 和 TLS 1.1。DTLS 版本支持 DTLS 1.0、DTLS 1.1 和 DTLS 1.2,但最新的 ESP-IDF 上 Mbed TLS 已经移除了 DTLS 1.0。
.. note::

Mbed TLS v3.x.x 系列仅支持 TLS 1.2 和 TLS 1.3 协议。对 SSL 3.0、TLS 1.0/1.1 和 DTLS 1.0 的支持已被删除(弃用)。从 Mbed TLS v3.6.0 版本开始完全支持 TLS 1.3,在此版本之前,某些功能仍处于试验状态。有关更多详细信息,请参阅 :component_file:`Mbed TLS ChangeLog <mbedtls/mbedtls/ChangeLog>`。

Mbed TLS 文档
------------------
Expand Down Expand Up @@ -73,11 +74,6 @@ ESP-IDF 中的示例使用 :doc:`/api-reference/protocols/esp_tls`,为访问
:SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: 支持硬件 MPI (bignum) 加速
:SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: 支持硬件 ECC 加速

.. note::

Mbed TLS v3.0.0 及其更新版本仅支持 TLS 1.2 和 TLS 1.3,不支持 SSL 3.0、TLS 1.0、TLS 1.1、和 DTLS 1.0)。TLS 1.3 尚在试验阶段,仅支持客户端。要了解更多信息,请点击 `此处 <https://github.com/espressif/mbedtls/blob/9bb5effc3298265f829878825d9bd38478e67514/docs/architecture/tls13-support.md>`__。


性能和内存调整
------------------

Expand Down Expand Up @@ -122,5 +118,5 @@ ESP-IDF 中的示例使用 :doc:`/api-reference/protocols/esp_tls`,为访问
在 ``Component Config -> mbedTLS`` 中,有多个 Mbed TLS 功能默认为启用状态。如果不需要这些功能,可将其禁用以减小固件大小。要了解更多信息,请参考 :ref:`Minimizing Binary Size <minimizing_binary_mbedtls>` 文档。


.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.4.1/
.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.1/
.. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/

0 comments on commit e8dc634

Please sign in to comment.