Add comments about key_share and supported_versions support
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md
index 29cda88..dce999f 100644
--- a/docs/architecture/tls13-experimental.md
+++ b/docs/architecture/tls13-experimental.md
@@ -99,18 +99,31 @@
| client_certificate_type | no | no |
| server_certificate_type | no | no |
| padding | no | no |
- | key_share | YES | YES |
+ | key_share | YES (2) | YES |
| pre_shared_key | no | YES |
| psk_key_exchange_modes | no | YES |
| early_data | no | YES |
| cookie | no | YES |
- | supported_versions | YES | YES |
+ | supported_versions | YES (3) | YES |
| certificate_authorities | no | no |
| post_handshake_auth | no | no |
| signature_algorithms_cert | no | no |
(1) This is just for comparison.
+ (2) The MVP sends one shared secret corresponding to the configured preferred
+ group. The preferred group is the group of the first curve in the list of
+ allowed curves as defined by the configuration. By default, it is the
+ mandatory group as defined by section 9.1 of the specification,
+ `secp256r1`. The list of allowed curves can be set through the
+ `mbedtls_ssl_conf_curves()` API.
+
+ (3) The MVP proposes only TLS 1.3 and does not support version negociation.
+ Out-of-protocol fallback is supported though if the Mbed TLS library
+ has been built to support both TLS 1.3 and TLS 1.2: just set the
+ maximum of the minor version of the SSL configuration to
+ MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and
+ re-initiate a server handshake.
- Supported groups: depends on the library configuration.
Potentially all ECDHE groups:
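Review bot: In note (3), the prose says to set the maximum minor version, but the API named in parentheses is `mbedtls_ssl_conf_min_version()`. The two do not match. For a fallback that caps the negotiated version at MBEDTLS_SSL_MINOR_VERSION_3, the call is presumably `mbedtls_ssl_conf_max_version()`, so please correct whichever side is wrong. In note (2), "sends one shared secret" is misleading: the key_share extension carries a key share for the group, and the shared secret itself is never sent. Suggest "sends one key share corresponding to the configured preferred group". Smaller points: "negociation" should be "negotiation", and "re-initiate a server handshake" would read more clearly as re-initiating the handshake with the server.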
@@ -121,8 +134,6 @@
ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512,
rsa_pss_rsae_sha256.
-- Supported versions: only TLS 1.3
-
- Support of Mbed TLS SSL/TLS related (not DTLS) features:
The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the
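Review bot: The removal of the "Supported versions: only TLS 1.3" bullet in this hunk is not mentioned in the commit message, which only speaks of adding comments. The information now lives in note (3) under the extension table, so either say so in the commit message or leave a one-line pointer to note (3) in this list, so that a reader scanning the list still finds the version restriction.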