Clarify that 1.3 is excluded
Don't mention "TLS 1.2 only" for PSK, as that could give the impression that the other things about TLS are supported beyond 1.2, which isn't the case currently. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
ca9101739a
commit
9155b0e396
1 changed files with 7 additions and 2 deletions
|
@ -64,7 +64,7 @@ keypair as a PK context: `mbedtls_x509write_crt_set_subject_key()` and
|
||||||
`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably
|
`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably
|
||||||
works but is so far untested.
|
works but is so far untested.
|
||||||
|
|
||||||
### PSA-held (opaque) keys for TLS 1.2 pre-shared keys (PSK)
|
### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
|
||||||
|
|
||||||
There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and
|
There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and
|
||||||
`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to
|
`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to
|
||||||
|
@ -72,7 +72,7 @@ register a PSA key for use with a PSK key exchange.
|
||||||
|
|
||||||
Benefits: isolation of long-term secrets.
|
Benefits: isolation of long-term secrets.
|
||||||
|
|
||||||
Limitations: the key can only be used with with TLS 1.2, and only with "pure"
|
Limitations: the key can only be used with "pure"
|
||||||
PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the
|
PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the
|
||||||
exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of
|
exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of
|
||||||
the user to make sure that when provisioning an opaque pre-shared key, the
|
the user to make sure that when provisioning an opaque pre-shared key, the
|
||||||
|
@ -154,6 +154,11 @@ Parts that are not covered yet
|
||||||
|
|
||||||
This is only a high-level overview, grouped by theme
|
This is only a high-level overview, grouped by theme
|
||||||
|
|
||||||
|
TLS: 1.3 experimental support
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
No part of the experimental support for TLS 1.3 is covered at the moment.
|
||||||
|
|
||||||
TLS: key exchanges / asymmetric crypto
|
TLS: key exchanges / asymmetric crypto
|
||||||
--------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue