TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 45b91c93f19e4cd220809eaf1ebf0c63217da41a^2..45b91c93f19e4cd220809eaf1ebf0c63217da41a / .
commit45b91c93f19e4cd220809eaf1ebf0c63217da41a[log] [tgz]
authorGilles Peskine <gilles.peskine@arm.com>Tue Dec 07 12:38:06 2021 +0100
committerGitHub <noreply@github.com>Tue Dec 07 12:38:06 2021 +0100
treeabd4deff57b1be0036446aded4af81fee5f14029
parentd7c091060f5b4216d37f5c4c5f4983c1402c71ba [diff]
parentaa1e9857a50e6efeb4d7a1265ea7509c1e8684ba [diff]
Merge pull request #5269 from daverodgman/fix-builds-with-only-mbedtls_bignum_c-defined-development

Fix builds when config.h only defines MBEDTLS_BIGNUM_C
diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md
index 8848d66..0dceeeb 100644
--- a/docs/architecture/tls13-experimental.md
+++ b/docs/architecture/tls13-experimental.md

@@ -133,17 +133,23 @@
 
   (1) This is just for comparison.
 
-  (2) The MVP sends one shared secret corresponding to the configured preferred
-      group. The preferred group is the group of the first curve in the list of
-      allowed curves as defined by the configuration. The allowed curves are
-      by default ordered as follow: `secp256r1`, `x25519`, `secp384r1`
-      and finally `secp521r1`. This default order is aligned with the
-      list of mandatory-to-implement groups (in absence of an application
-      profile standard specifying otherwise) defined in section 9.1 of the
-      specification. The list of allowed curves can be changed through the
-      `mbedtls_ssl_conf_curves()` API.
+  (2) The MVP sends only one shared secret corresponding to the configured
+      preferred group. This could end up with connection failure if the
+      server does not support our preferred curve, as the MVP does not implement
+      HelloRetryRequest. The preferred group is the group of the first curve in
+      the list of allowed curves as defined by the configuration. The allowed
+      curves are by default ordered as follows: `x25519`, `secp256r1`,
+      `secp384r1` and finally `secp521r1`. Note that, in the absence of an
+      application profile standard specifying otherwise, section 9.1 of the
+      specification rather promotes curve `secp256r1` to be supported over
+      curve `x25519`. The MVP would, however, rather keep the preference order
+      currently promoted by Mbed TLS as this applies to TLS 1.2 as well, and
+      changing the order only for TLS1.3 would be potentially difficult.
+      In the unlikely event a server does not support curve `x25519` but does
+      support curve `secp256r1`, curve `secp256r1` can be set as the preferred
+      curve through the `mbedtls_ssl_conf_curves()` API.
 
-  (3) The MVP proposes only TLS 1.3 and does not support version negociation.
+  (3) The MVP proposes only TLS 1.3 and does not support version negotiation.
       Out-of-protocol fallback is supported though if the Mbed TLS library
       has been built to support both TLS 1.3 and TLS 1.2: just set the
       maximum of the minor version of the SSL configuration to