Update TLS 1.3 support document

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-02-28 00:39:56 +00:00 · 2022-10-03 12:02:17 +02:00 · 2022-10-03 12:02:17 +02:00 · 93dcb1ba8d
commit 93dcb1ba8d
parent eac00ad2a6
1 changed files with 10 additions and 8 deletions
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@ -28,9 +28,12 @@ Support description

  - Mbed TLS does not support DHE key establishment.

-  - Mbed TLS does not support pre-shared keys, including any form of
-    session resumption. This implies that it does not support sending early
-    data (0-RTT data).
+  - Mbed TLS supports pre-shared keys for key establishment, pre-shared keys
+    provisioned externally as well as provisioned via the ticket mechanism.
+
+  - Mbed TLS supports session resumption via the ticket mechanism.
+
+  - Mbed TLS does not support sending or receiving early data (0-RTT data).

 - Supported cipher suites: depends on the library configuration. Potentially
  all of them:
@ -54,8 +57,8 @@ Support description
  | server_certificate_type      | no      |
  | padding                      | no      |
  | key_share                    | YES     |
-  | pre_shared_key               | no      |
-  | psk_key_exchange_modes       | no      |
+  | pre_shared_key               | YES     |
+  | psk_key_exchange_modes       | YES     |
  | early_data                   | no      |
  | cookie                       | no      |
  | supported_versions           | YES     |
@ -118,7 +121,7 @@ Support description
  | MBEDTLS_SSL_RENEGOTIATION                | n/a     |
  | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH          | no      |
  |                                          |         |
-  | MBEDTLS_SSL_SESSION_TICKETS              | no      |
+  | MBEDTLS_SSL_SESSION_TICKETS              | yes     |
  | MBEDTLS_SSL_SERVER_NAME_INDICATION       | yes     |
  | MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH       | no      |
  |                                          |         |
@ -175,8 +178,7 @@ Prototype upstreaming status

 The following parts of the TLS 1.3 prototype remain to be upstreamed:

- Pre-shared keys, session resumption and 0-RTT data (both client and server
-  side).
+- Sending (client) and receiving (server) early data (0-RTT data).

 - New TLS Message Processing Stack (MPS)