Modifies ChangeLog and Migration Guide

Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

ChangeLog

@@ -32,8 +32,6 @@ API changes
    * Drop support for parsing SSLv2 ClientHello
      (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
    * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
-   * Drop support for compatibility with our own previous buggy
-     implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
    * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
    * Drop support for RC4 TLS ciphersuites.
    * Drop support for single-DES ciphersuites.
@@ -1688,16 +1686,6 @@ Changes
 
 = mbed TLS 2.8.0 branch released 2018-03-16
 
-Default behavior changes
-   * The truncated HMAC extension now conforms to RFC 6066. This means
-     that when both sides of a TLS connection negotiate the truncated
-     HMAC extension, Mbed TLS can now interoperate with other
-     compliant implementations, but this breaks interoperability with
-     prior versions of Mbed TLS. To restore the old behavior, enable
-     the (deprecated) option MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT in
-     config.h. Found by Andreas Walz (ivESK, Offenburg University of
-     Applied Sciences).
-
 Security
    * Fix implementation of the truncated HMAC extension. The previous
      implementation allowed an offline 2^80 brute force attack on the

ChangeLog.d/rm-truncated-hmac-ext.txt

@@ -1,4 +1,5 @@
 Removals
-   * Remove MBEDTLS_SSL_TRUNCATED_HMAC config option. Users are better served by
+   * Remove MBEDTLS_SSL_TRUNCATED_HMAC and also remove
+     MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT config option. Users are better served by
      using a CCM-8 ciphersuite than a CBC ciphersuite with truncated HMAC.
-     Addresses #4341.
+     See issue #4341 for more details.

docs/3.0-migration-guide.d/remove-truncated-HMAC-extension.md

@@ -1,10 +0,0 @@
-Remove the truncated HMAC extension
------------------------------------
-
-This affects all users who use the truncated HMAC extension for cryptographic
-operations.
-
-The config option `MBEDTLS_SSL_TRUNCATED_HMAC` has been removed. Users concerned
-about overhead are better served by using any of the CCM-8 ciphersuites rather
-than a CBC ciphersuite with truncated HMAC, and so going forward this must be
-the approach taken.

docs/3.0-migration-guide.md

@@ -137,17 +137,13 @@ and relied on that version in order to communicate with peers that are not up
 to date. If one of your peers is in that case, please try contacting them and
 encouraging them to upgrade their software.
 
-Remove support for compatibility with old Mbed TLS's truncated HMAC
+Remove support for truncated HMAC
--------------------------------------------------------------------
+---------------------------------
 
-This doesn't affect people using the default configuration as it was already
+This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC`
-disabled by default.
+`MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and used the truncated HMAC extension.
-
+Please consider using a CCM-8 ciphersuite instead of the Truncated HMAC
-This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and
+extension, or convincing your peer to upgrade their version of Mbed TLS.
-used the Truncated HMAC extension to communicate with peers using old version
-of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the
-Truncated HMAC extension, or convincing your peer to upgrade their version of
-Mbed TLS.
 
 Remove support for TLS record-level compression
 -----------------------------------------------