From e8dc63410825543edae3b927f6fc2aa9835378b2 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 30 Sep 2024 10:44:44 +0530 Subject: [PATCH] docs: update mbedtls guide for TLS 1.3 supported change --- docs/en/api-reference/protocols/mbedtls.rst | 12 ++++-------- docs/zh_CN/api-reference/protocols/mbedtls.rst | 12 ++++-------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/docs/en/api-reference/protocols/mbedtls.rst b/docs/en/api-reference/protocols/mbedtls.rst index 11a9fb02df3..cc636fd033c 100644 --- a/docs/en/api-reference/protocols/mbedtls.rst +++ b/docs/en/api-reference/protocols/mbedtls.rst @@ -9,7 +9,7 @@ Mbed TLS ESP-IDF uses a `fork `_ of Mbed TLS which includes a few patches (related to hardware routines of certain modules like ``bignum (MPI)`` and ``ECC``) over vanilla Mbed TLS. -Mbed TLS supports SSL 3.0 up to TLS 1.3 and DTLS 1.0 to 1.2 communication by providing the following: +Mbed TLS supports TLS 1.2, TLS 1.3 and DTLS 1.2 communication by providing the following: - TCP/IP communication functions: listen, connect, accept, read/write. - SSL/TLS communication functions: init, handshake, read/write. @@ -18,8 +18,9 @@ Mbed TLS supports SSL 3.0 up to TLS 1.3 and DTLS 1.0 to 1.2 communication by pro - Hashing - Encryption/decryption -Supported TLS versions include SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, but on the latest ESP-IDF, SSL 3.0, TLS 1.0, and TLS 1.1 have been removed from Mbed TLS. Supported DTLS versions include DTLS 1.0, DTLS 1.1, and DTLS 1.2, but on the latest ESP-IDF, DTLS 1.0 has been removed from Mbed TLS. +.. note:: + Mbed TLS v3.x.x series supports only TLS 1.2 and TLS 1.3 protocols. Support for SSL 3.0, TLS 1.0/1.1 and DTLS 1.0 has been removed (deprecated). TLS 1.3 is fully supported starting Mbed TLS v3.6.0 release, before this release some features were still in experimental state. Please refer to :component_file:`Mbed TLS ChangeLog ` for more details. Mbed TLS Documentation ---------------------- @@ -73,11 +74,6 @@ Following is a brief list of important config options accessible at ``Component :SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: Support for hardware MPI (bignum) acceleration :SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: Support for hardware ECC acceleration -.. note:: - - Mbed TLS v3.6.0 and later support only TLS 1.2 and TLS 1.3 (SSL 3.0, TLS 1.0, TLS 1.1, and DTLS 1.0 are not supported). More information about this can be found out `here `__. - - Performance and Memory Tweaks ----------------------------- @@ -122,5 +118,5 @@ Reducing Binary Size Under ``Component Config -> mbedTLS``, there are multiple Mbed TLS features which are enabled by default but can be disabled if not needed to save code size. More information can be about this can be found in :ref:`Minimizing Binary Size ` docs. -.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.4.1/ +.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.1/ .. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/ diff --git a/docs/zh_CN/api-reference/protocols/mbedtls.rst b/docs/zh_CN/api-reference/protocols/mbedtls.rst index 976d039ac40..2ed68754969 100644 --- a/docs/zh_CN/api-reference/protocols/mbedtls.rst +++ b/docs/zh_CN/api-reference/protocols/mbedtls.rst @@ -9,7 +9,7 @@ Mbed TLS ESP-IDF 使用的 Mbed TLS `复刻仓库 `_ 中包含对原生 Mbed TLS 的补丁。这些补丁与某些模块的硬件例程有关,如 ``bignum (MPI)`` 和 ``ECC``。 -Mbed TLS 提供以下功能: +Mbed TLS 通过提供以下内容支持 TLS 1.2、TLS 1.3 和 DTLS 1.2 通信: - TCP/IP 通信功能:监听、连接、接收、读/写。 - SSL/TLS 通信功能:初始化、握手、读/写。 @@ -18,8 +18,9 @@ Mbed TLS 提供以下功能: - 哈希 - 加密/解密 -TLS 版本支持 SSL 3.0, TLS 1.0、TLS 1.1、TLS 1.2 和 TLS 1.3,但是最新的 ESP-IDF 上 Mbed TLS 已经移除了 SSL 3.0、TLS 1.0 和 TLS 1.1。DTLS 版本支持 DTLS 1.0、DTLS 1.1 和 DTLS 1.2,但最新的 ESP-IDF 上 Mbed TLS 已经移除了 DTLS 1.0。 +.. note:: + Mbed TLS v3.x.x 系列仅支持 TLS 1.2 和 TLS 1.3 协议。对 SSL 3.0、TLS 1.0/1.1 和 DTLS 1.0 的支持已被删除(弃用)。从 Mbed TLS v3.6.0 版本开始完全支持 TLS 1.3,在此版本之前,某些功能仍处于试验状态。有关更多详细信息,请参阅 :component_file:`Mbed TLS ChangeLog `。 Mbed TLS 文档 ------------------ @@ -73,11 +74,6 @@ ESP-IDF 中的示例使用 :doc:`/api-reference/protocols/esp_tls`,为访问 :SOC_MPI_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_MPI`: 支持硬件 MPI (bignum) 加速 :SOC_ECC_SUPPORTED: - :ref:`CONFIG_MBEDTLS_HARDWARE_ECC`: 支持硬件 ECC 加速 -.. note:: - - Mbed TLS v3.0.0 及其更新版本仅支持 TLS 1.2 和 TLS 1.3,不支持 SSL 3.0、TLS 1.0、TLS 1.1、和 DTLS 1.0)。TLS 1.3 尚在试验阶段,仅支持客户端。要了解更多信息,请点击 `此处 `__。 - - 性能和内存调整 ------------------ @@ -122,5 +118,5 @@ ESP-IDF 中的示例使用 :doc:`/api-reference/protocols/esp_tls`,为访问 在 ``Component Config -> mbedTLS`` 中,有多个 Mbed TLS 功能默认为启用状态。如果不需要这些功能,可将其禁用以减小固件大小。要了解更多信息,请参考 :ref:`Minimizing Binary Size ` 文档。 -.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.4.1/ +.. _`API Reference`: https://mbed-tls.readthedocs.io/projects/api/en/v3.6.1/ .. _`Knowledge Base`: https://mbed-tls.readthedocs.io/en/latest/kb/