Revised presentation of cipher suites
Include patterns on the official names.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/announce-4.0-removals.txt b/ChangeLog.d/announce-4.0-removals.txt
index aac1f7d..5942e3a 100644
--- a/ChangeLog.d/announce-4.0-removals.txt
+++ b/ChangeLog.d/announce-4.0-removals.txt
@@ -7,13 +7,16 @@
- Finite-field Diffie-Hellman with custom groups.
(RFC 7919 groups remain supported.)
- Elliptic curves of size 225 bits or less.
- * The following mechanisms are planned to be removed from (D)TLS 1.2
+ * The following cipher suites are planned to be removed from (D)TLS 1.2
in Mbed TLS 4.0:
- - RSA decryption (i.e. cipher suites using RSA without a key exchange:
- cipher suites using an RSA signature and ECDHE are staying).
- - Static ECDH (ephemeral ECDH, i.e. cipher suites using ECDHE, is staying).
- - Finite-field Diffie-Hellman (i.e. DHE; ECDHE is staying)
- - All cipher suites using CBC.
+ - TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using
+ RSA decryption.
+ (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)
+ - TLS_ECDH_*, i.e. cipher suites using static ECDH.
+ (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
+ - TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.
+ (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
+ - TLS_*CBC*, i.e. all cipher suites using CBC.
* The following low-level interfaces are planned to be removed from the
public API in Mbed TLS 4.0:
- Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;