Blame - docs/4.0-migration-guide/feature-removals.md - mirror/mbed-tls

blob: b958f864fc87dd00e25b414c7881299072884fec [file] [log] [blame] [view]

Gilles Peskine	2649aa2	2025-06-25 21:41:23 +0200	[diff] [blame]	1	## Removed features
				2
				3	### Removal of obsolete key exchanges methods in (D)TLS 1.2
				4
Gilles Peskine	159a652	2025-06-30 10:59:59 +0200	[diff] [blame]	5	Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3.
Gilles Peskine	2649aa2	2025-06-25 21:41:23 +0200	[diff] [blame]	6
Gilles Peskine	159a652	2025-06-30 10:59:59 +0200	[diff] [blame]	7	Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption).
Gilles Peskine	2649aa2	2025-06-25 21:41:23 +0200	[diff] [blame]	8
				9	That is, the following key exchange types are no longer supported:
				10
				11	* RSA-PSK;
				12	* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported);
				13	* DHE-PSK (except in TLS 1.3);
				14	* DHE-RSA (except in TLS 1.3).
Gilles Peskine	cf9b557	2025-09-26 16:07:38 +0200	[diff] [blame]	15	* static ECDH (ECDH-RSA and ECDH-ECDSA, as opposed to ephemeral ECDH (ECDHE) which remains supported).
Gilles Peskine	2649aa2	2025-06-25 21:41:23 +0200	[diff] [blame]	16
				17	The full list of removed cipher suites is:
				18
				19	```
				20	TLS-DHE-PSK-WITH-AES-128-CBC-SHA
				21	TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
				22	TLS-DHE-PSK-WITH-AES-128-CCM
				23	TLS-DHE-PSK-WITH-AES-128-CCM-8
				24	TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
				25	TLS-DHE-PSK-WITH-AES-256-CBC-SHA
				26	TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
				27	TLS-DHE-PSK-WITH-AES-256-CCM
				28	TLS-DHE-PSK-WITH-AES-256-CCM-8
				29	TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
				30	TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256
				31	TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256
				32	TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384
				33	TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384
				34	TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
				35	TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
				36	TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
				37	TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
				38	TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256
				39	TLS-DHE-PSK-WITH-NULL-SHA
				40	TLS-DHE-PSK-WITH-NULL-SHA256
				41	TLS-DHE-PSK-WITH-NULL-SHA384
				42	TLS-DHE-RSA-WITH-AES-128-CBC-SHA
				43	TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
				44	TLS-DHE-RSA-WITH-AES-128-CCM
				45	TLS-DHE-RSA-WITH-AES-128-CCM-8
				46	TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
				47	TLS-DHE-RSA-WITH-AES-256-CBC-SHA
				48	TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
				49	TLS-DHE-RSA-WITH-AES-256-CCM
				50	TLS-DHE-RSA-WITH-AES-256-CCM-8
				51	TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
				52	TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
				53	TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256
				54	TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
				55	TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384
				56	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
				57	TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
				58	TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256
				59	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
				60	TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
				61	TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384
				62	TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
Gilles Peskine	cf9b557	2025-09-26 16:07:38 +0200	[diff] [blame]	63	TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA
				64	TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
				65	TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
				66	TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
				67	TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
				68	TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
				69	TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256
				70	TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256
				71	TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384
				72	TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384
				73	TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256
				74	TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256
				75	TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
				76	TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
				77	TLS-ECDH-ECDSA-WITH-NULL-SHA
				78	TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
				79	TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
				80	TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
				81	TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
				82	TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
				83	TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
				84	TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256
				85	TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256
				86	TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384
				87	TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384
				88	TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256
				89	TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256
				90	TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384
				91	TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384
				92	TLS-ECDH-RSA-WITH-NULL-SHA
Gilles Peskine	2649aa2	2025-06-25 21:41:23 +0200	[diff] [blame]	93	TLS-RSA-PSK-WITH-AES-128-CBC-SHA
				94	TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
				95	TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
				96	TLS-RSA-PSK-WITH-AES-256-CBC-SHA
				97	TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
				98	TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
				99	TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
				100	TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
				101	TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
				102	TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
				103	TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
				104	TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
				105	TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
				106	TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
				107	TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
				108	TLS-RSA-PSK-WITH-NULL-SHA
				109	TLS-RSA-PSK-WITH-NULL-SHA256
				110	TLS-RSA-PSK-WITH-NULL-SHA384
				111	TLS-RSA-WITH-AES-128-CBC-SHA
				112	TLS-RSA-WITH-AES-128-CBC-SHA256
				113	TLS-RSA-WITH-AES-128-CCM
				114	TLS-RSA-WITH-AES-128-CCM-8
				115	TLS-RSA-WITH-AES-128-GCM-SHA256
				116	TLS-RSA-WITH-AES-256-CBC-SHA
				117	TLS-RSA-WITH-AES-256-CBC-SHA256
				118	TLS-RSA-WITH-AES-256-CCM
				119	TLS-RSA-WITH-AES-256-CCM-8
				120	TLS-RSA-WITH-AES-256-GCM-SHA384
				121	TLS-RSA-WITH-ARIA-128-CBC-SHA256
				122	TLS-RSA-WITH-ARIA-128-GCM-SHA256
				123	TLS-RSA-WITH-ARIA-256-CBC-SHA384
				124	TLS-RSA-WITH-ARIA-256-GCM-SHA384
				125	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
				126	TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
				127	TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256
				128	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
				129	TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
				130	TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
				131	TLS-RSA-WITH-NULL-MD5
				132	TLS-RSA-WITH-NULL-SHA
				133	TLS-RSA-WITH-NULL-SHA256
				134	```
				135
				136	As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed:
				137
				138	```
				139	mbedtls_ssl_conf_dh_param_bin()
				140	mbedtls_ssl_conf_dh_param_ctx()
				141	mbedtls_ssl_conf_dhm_min_bitlen()
				142	```
Gilles Peskine	ce9f08a	2025-09-26 19:21:15 +0200	[diff] [blame]	143
				144	### Removal of elliptic curves
				145
				146	Following their removal from the crypto library, elliptic curves of less than 250 bits (secp192r1, secp192k1, secp224r1, secp224k1) are no longer supported in certificates and in TLS.
				147
				148	### Removal of deprecated functions
				149
				150	The deprecated functions `mbedtls_ssl_conf_min_version()` and `mbedtls_ssl_conf_max_version()`, and the associated constants `MBEDTLS_SSL_MAJOR_VERSION_3`, `MBEDTLS_SSL_MINOR_VERSION_3` and `MBEDTLS_SSL_MINOR_VERSION_4` have been removed. Use `mbedtls_ssl_conf_min_tls_version()` and `mbedtls_ssl_conf_max_tls_version()` with `MBEDTLS_SSL_VERSION_TLS1_2` or `MBEDTLS_SSL_VERSION_TLS1_3` instead.
				151
				152	The deprecated function `mbedtls_ssl_conf_sig_hashes()` has been removed. Use `mbedtls_ssl_conf_sig_algs()` instead.