Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
This commit is contained in:
Tom Cosgrove 2022-06-30 09:48:40 +01:00
parent afb2fe1acf
commit d7adb3c7d9
2 changed files with 7 additions and 6 deletions

View file

@ -1,4 +1,4 @@
Bugfix
* Fix check_config.h to check that we have MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this explicit in the
documentation. Fixes #5610.
when MBEDTLS_SSL_PROTO_TLS1_3 is specified, and make this and other
dependencies explicit in the documentation. Fixes #5610.

View file

@ -140,12 +140,12 @@ MVP definition
in the sense that when enabling the TLS 1.3 MVP in the library there is rarely
any need to modify the configuration from that used for TLS 1.2.
The two exceptions to this are:
The exceptions to this are:
- The TLS 1.3 MVP is not compatible with MBEDTLS_USE_PSA_CRYPTO, so this option
must be disabled.
- The TLS 1.3 MVP requires MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, so this option
must be enabled.
- The TLS 1.3 MVP requires MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SSL_KEEP_PEER_CERTIFICATE,
so these options must be enabled.
Mbed TLS SSL/TLS related features are not supported or not applicable to the
TLS 1.3 MVP:
@ -181,9 +181,10 @@ MVP definition
| MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a |
| | |
| MBEDTLS_PSA_CRYPTO_C | no (1) |
| MBEDTLS_USE_PSA_CRYPTO | no |
(1) This option must remain in its default state of enabled.
(1) These options must remain in their default state of enabled.
(2) Key exchange configuration options for TLS 1.3 will likely to be
organized around the notion of key exchange mode along the line
of the MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE/PSK/PSK_EPHEMERAL/EPHEMERAL