Fix and improve logs and documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/ChangeLog.d/tls13-misc-changelogs.txt b/ChangeLog.d/tls13-misc-changelogs.txt
index f097d6c..a575b33 100644
--- a/ChangeLog.d/tls13-misc-changelogs.txt
+++ b/ChangeLog.d/tls13-misc-changelogs.txt
@@ -1,19 +1,18 @@
Bugfix
* Fix a TLS 1.3 handshake failure when the first attempt to send the client
- Finished message on the network cannot be satisfied.
+ Finished message on the network cannot be satisfied. Fixes #5499.
Features
* Add support for authentication of TLS 1.3 clients by TLS 1.3 servers.
* Add support for server HelloRetryRequest message. The TLS 1.3 client is
now capable of negotiating another shared secret if the one sent in its
first ClientHello was not suitable to the server.
- * Add support for TLS version negotiation. If both TLS 1.2 and TLS 1.3
- protocols are enabled in the build of Mbed TLS, the TLS client now
+ * Add support for client-side TLS version negotiation. If both TLS 1.2 and
+ TLS 1.3 protocols are enabled in the build of Mbed TLS, the TLS client now
negotiates TLS 1.3 or TLS 1.2 with TLS servers.
* Enable building of Mbed TLS with TLS 1.3 protocol support but without TLS
1.2 protocol support.
* Mbed TLS provides an implementation of a TLS 1.3 server (ephemeral key
establishment only). See docs/architecture/tls13-support.md for a
description of the support. The MBEDTLS_SSL_PROTO_TLS1_3 and
- MBEDTLS_SSL_SRV_C configuration options control the enablement of the
- support.
+ MBEDTLS_SSL_SRV_C configuration options control this.
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index de92690..10da3c5 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -39,31 +39,30 @@
- Supported ClientHello extensions:
- | Extension | Mbed TLS | Prototype (1) |
- | ---------------------------- | -------- | ------------- |
- | server_name | YES | YES |
- | max_fragment_length | no | YES |
- | status_request | no | no |
- | supported_groups | YES | YES |
- | signature_algorithms | YES | YES |
- | use_srtp | no | no |
- | heartbeat | no | no |
- | apln | YES | YES |
- | signed_certificate_timestamp | no | no |
- | client_certificate_type | no | no |
- | server_certificate_type | no | no |
- | padding | no | no |
- | key_share | YES | YES |
- | pre_shared_key | no | YES |
- | psk_key_exchange_modes | no | YES |
- | early_data | no | YES |
- | cookie | no | YES |
- | supported_versions | YES | YES |
- | certificate_authorities | no | no |
- | post_handshake_auth | no | no |
- | signature_algorithms_cert | no | no |
+ | Extension | Support |
+ | ---------------------------- | ------- |
+ | server_name | YES |
+ | max_fragment_length | no |
+ | status_request | no |
+ | supported_groups | YES |
+ | signature_algorithms | YES |
+ | use_srtp | no |
+ | heartbeat | no |
+ | apln | YES |
+ | signed_certificate_timestamp | no |
+ | client_certificate_type | no |
+ | server_certificate_type | no |
+ | padding | no |
+ | key_share | YES |
+ | pre_shared_key | no |
+ | psk_key_exchange_modes | no |
+ | early_data | no |
+ | cookie | no |
+ | supported_versions | YES |
+ | certificate_authorities | no |
+ | post_handshake_auth | no |
+ | signature_algorithms_cert | no |
- (1) This is just for comparison.
- Supported groups: depends on the library configuration.
Potentially all ECDHE groups:
@@ -104,8 +103,8 @@
MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SSL_KEEP_PEER_CERTIFICATE, so these options
must be enabled.
- Most of Mbed TLS SSL/TLS related features are not supported or not applicable
- to the TLS 1.3 implementation:
+ Most of the Mbed TLS SSL/TLS related options are not supported or not
+ applicable to the TLS 1.3 implementation:
| Mbed TLS configuration option | Support |
| ---------------------------------------- | ------- |
@@ -126,7 +125,7 @@
| MBEDTLS_ECP_RESTARTABLE | no |
| MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no |
| | |
- | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (1) |
+ | MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
| MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a |
@@ -151,8 +150,7 @@
Prototype upstreaming status
----------------------------
-The following summarizes which parts of the TLS 1.3 prototype remain to be
-upstreamed:
+The following parts of the TLS 1.3 prototype remain to be upstreamed:
- Pre-shared keys, session resumption and 0-RTT data (both client and server
side).
