This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols.
These versions have been deprecated by RFC 8996. Keeping them in the library creates opportunities for misconfiguration and possibly downgrade attacks. More generally, more code means a larger attack surface, even if the code is supposedly not used.
The migration path is to adopt the latest versions of the protocol.
As a consequence of removing TLS 1.0, support for CBC record splitting was also removed, as it was a work-around for a weakness in this particular version. There is no migration path since the feature is no longer relevant.
As a consequence of currently supporting only one version of (D)TLS (and in the future 1.3 which will have a different version negociation mechanism), support for fallback SCSV (RFC 7507) was also removed. There is no migration path as it's no longer useful with TLS 1.2 and later.
As a consequence of currently supporting only one version of (D)TLS (and in the future 1.3 which will have a different concept of ciphersuites), support for configuring ciphersuites separately for each version via
mbedtls_ssl_conf_ciphersuites_for_version() was removed. Use
mbedtls_ssl_conf_ciphersuites() to configure ciphersuites to use with (D)TLS 1.2; in the future a different API will be added for (D)TLS 1.3.