Addition of migration guide and corrections to the ChangeLog file

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
This commit is contained in:
TRodziewicz 2021-05-14 11:09:44 +02:00
parent 97e41723fa
commit d807060e0a
2 changed files with 21 additions and 5 deletions

View file

@ -1,9 +1,14 @@
Removals Removals
* Remove the following deprecated library constants * Remove the TLS 1.0, TLS 1.1 and DTLS 1.0 support by removing the following
MBEDTLS_SSL_PROTO_TLS1, MBEDTLS_SSL_PROTO_TLS1_1, deprecated library constants: MBEDTLS_SSL_PROTO_TLS1,
MBEDTLS_SSL_CBC_RECORD_SPLITTING, MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING,
MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED, MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED,
MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED and functions MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_RECORD_CHECKING,
ssl_write_split(), mbedtls_ssl_conf_cbc_record_splitting() as well as test MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE,
MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions:
ssl_write_split(), mbedtls_ssl_conf_cbc_record_splitting(), tls1_prf(),
ssl_update_checksum_md5sha1(), mbedtls_ssl_get_key_exchange_md_ssl_tls(),
mbedtls_ssl_check_record(), ssl_check_record(), ssl_calc_verify_tls(),
ssl_calc_finished_tls(), mbedtls_ssl_conf_fallback() as well as test
function component_test_variable_ssl_in_out_buffer_len_record_splitting(). function component_test_variable_ssl_in_out_buffer_len_record_splitting().
Fixes #4286. Fixes #4286.

View file

@ -0,0 +1,11 @@
Remove suport for TLS 1.0, 1.1 and DLTS 1.0
-------------------------------------------
This change affects users of the TLS 1.0, 1.1 and DTLS 1.0.
The versions of (D)TLS that are being removed are not as secure as the latest
versions. Keeping them in the library creates opportunities for misconfiguration
and possibly downgrade attacks. More generally, more code means a larger attack
surface, even if the code is supposedly not used.
The migration path is to adopt the latest versions of the protocol.