diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 5be42ea28..b933edfe6 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -2,7 +2,7 @@ This guide details the steps required to migrate from Mbed TLS version 2.x to Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks -compatibility with previous versions, so users (and alt implementors) might +compatibility with previous versions, so users (and alt implementers) might need to change their own code in order to make it work with Mbed TLS 3.0. Here's the list of breaking changes; each entry should help you answer these @@ -178,7 +178,7 @@ The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, `MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were removed. The primes from RFC 5114 are deprecated because their derivation is not documented and therefore their usage constitutes a security risk; they are fully -removed from the library. Please use parameters from RFC3526 (still in the +removed from the library. Please use parameters from RFC 3526 (still in the library, only in binary form) or RFC 7919 (also available in the library) or other trusted sources instead. @@ -580,13 +580,13 @@ extension if it contains any unsupported certificate policies. ### Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `mbedtls_config.h` This change affects users who have chosen the configuration options to disable the -library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509 +library's verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 certificates. The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` -configuration options are removed and the X509 code now behaves as if they were +configuration options are removed and the X.509 code now behaves as if they were always enabled. It is consequently not possible anymore to disable at compile -time the verification of the `keyUsage` and `extendedKeyUsage` fields of X509 +time the verification of the `keyUsage` and `extendedKeyUsage` fields of X.509 certificates. The verification of the `keyUsage` and `extendedKeyUsage` fields is important,