This affects users of the SSL key export APIs:
Those APIs have been removed and replaced by the new API
mbedtls_ssl_set_export_keys_cb(). This API differs from the previous key export API in the following ways:
For users which do not rely on raw keys and IV, adjusting to the new callback type should be straightforward - see the example programs programs/ssl/ssl_client2 and programs/ssl/ssl_server2 for callbacks for NSSKeylog, EAP-TLS and DTLS-SRTP.
Users which require access to the raw keys used to secure application traffic may derive those by hand based on the master secret and the handshake transcript hashes which can be obtained from the raw data on the wire. Such users are also encouraged to reach out to the Mbed TLS team on the mailing list, to let the team know about their use case.