mbedtls/docs/3.0-migration-guide.d
Gilles Peskine b1940a76ad In TLS, order curves by resource usage, not size
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.

So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.

The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
..
00README Quit using title case for entry titles 2021-05-04 13:06:34 +02:00
ccm-alt.md Add migration guide for developers of CCM alternative implementation 2021-06-01 09:07:46 +02:00
cipher-delayed-output.md Fix some typos 2021-06-01 09:40:53 +02:00
combine_SSL_CID-TLS1_3_PADDING_GRANULARITY_options.md Adding removed defines to check_config.h and fixing the migration guide entry. 2021-05-31 12:58:25 +02:00
csr-add-critical-extension.md Expose flag for critical extensions 2021-05-27 14:27:43 +02:00
default-curves.md In TLS, order curves by resource usage, not size 2021-06-17 21:46:29 +02:00
gcm-alt.md Add migration guides for GCM 2021-05-20 11:51:46 +02:00
gcm-multipart.md Reorder the text to say who is affected first 2021-05-20 12:11:19 +02:00
max-record-payload-api.md Add migration guide 2021-05-23 06:03:55 +01:00
modify_MBEDTLS_ECP_FIXED_POINT_OPTIM_behaviour.md fix comment, ChangeLog & migration-guide for MBEDTLS_ECP_FIXED_POINT_OPTIM 2021-06-03 15:47:40 +08:00
modify_SHA384_option_behaviour.md Improve migration guide for SHA384 option 2021-05-20 13:52:48 +02:00
relaxed-psk-semantics.md Fix typo in migration guide 2021-05-28 09:54:31 +01:00
remove-enable-weak-ciphersuites.md Add change log and migration guide 2021-05-04 15:59:10 +02:00
remove-max-content-len.md Remove MBEDTLS_SSL_MAX_CONTENT_LEN option 2021-05-10 17:02:48 +01:00
remove-null-entropy.md Provide more in-depth migration guide after removal of null entropy. 2021-05-19 16:35:51 +02:00
remove-rsa-mode-parameter.md Corrections to ChangeLog and Migration guide 2021-05-25 15:00:19 +01:00
Remove_3DES_ciphersuites.md Remove 3DES ciphersuites 2021-05-31 12:11:53 +02:00
remove_deprecated_functions_and_constants.md Fix migration guide for now-removed deprecated functions 2021-06-08 07:50:55 +01:00
remove_mbedtls_check_params_option.md Changes after code review 2021-05-27 17:34:14 +02:00
remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md Correction to the migr. guide wording and removal of not needed option 2021-06-09 13:31:42 +02:00
remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md Correction to the migration guide entry wording 2021-06-09 16:54:20 +02:00
remove_SSL_DTLS_BADMAC_LIMIT_option.md Addition of the migration guide entry. 2021-05-26 15:29:36 +02:00
remove_ssl_record_checking.md New line added at the end of the migration guide entry 2021-05-17 11:16:52 +02:00
remove_supp_for_extensions_in_pre-v3_X_509_certs.md Changing the migration guide entry wording. 2021-05-31 13:12:16 +02:00
remove_support_for_tls_1.0_1.1_and_dtls_1.0.md Editorial improvements 2021-06-07 12:00:04 +02:00
rename_the__ret_functions.md Corrections to the docs wording and changes to aux scripts 2021-06-15 00:18:32 +02:00
rsa-padding.md Improve migration guide 2021-06-09 10:54:14 +02:00
separate_SHA224_from_SHA256.md Add migration guide for SHA384 and SHA224 options. 2021-05-19 13:22:53 +02:00
session-cache-api.md Add migration guide 2021-05-18 05:27:18 +01:00
sha512-output-type.md Change sha256 output type from an array to a pointer 2021-05-13 00:46:29 +02:00
ssl-error-code-cleanup.md Add migration guide 2021-05-14 17:10:27 +01:00
turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md Correction according to code review (function and param. names change 2021-06-14 13:46:21 +02:00