From 1b240c7ec1fb8507c94ea5074d97d9dde51bc622 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 Aug 2024 22:38:52 +0200 Subject: [PATCH] Announce the main removals planned for 4.0 Signed-off-by: Gilles Peskine --- ChangeLog.d/announce-4.0-removals.txt | 29 +++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 ChangeLog.d/announce-4.0-removals.txt diff --git a/ChangeLog.d/announce-4.0-removals.txt b/ChangeLog.d/announce-4.0-removals.txt new file mode 100644 index 0000000000..9ae61c1219 --- /dev/null +++ b/ChangeLog.d/announce-4.0-removals.txt @@ -0,0 +1,29 @@ +New deprecations + * The following cryptographic mechanisms are planned to be removed + in Mbed TLS 4.0: + - DES (including 3DES). + - PKCS#1v1.5 encryption (RSA-PKCS1-v1_5). (OAEP, PSS, and PKCS#1v1.5 + signature are staying.) + - Finite-field Diffie-Hellman with custom groups. (RFC 7919 remain + supported.) + - Elliptic curves of size 225 bits or less. + * The following mechanisms are planned to be removed from (D)TLS 1.2 + in Mbed TLS 4.0: + - RSA decryption (i.e. cipher suites using RSA without a key exchange: + cipher suites using an RSA signature and ECDHE are staying). + - Static ECDH (ephemeral ECDH, i.e. cipher suites using ECDHE, is staying). + - Finite-field Diffie-Hellman (i.e. DHE; ECDHE is staying) + - All cipher suites using CBC. + * The following low-level interfaces are planned to be removed from the + public API in Mbed TLS 4.0: + - Hashes: md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h; + - Pseudorandom generation: ctr_drbg.h, hmac_drbg.h. + - Cipher primitives: aes.h, aria.h, camellia.h, chacha20.h, + chachapoly.h, poly1305.h; + - Cipher modes: ccm.h, cipher.h, cmac.h, gcm.h, hkdf.h; + - Private key encryption mechanisms: pkcs5.h, pkcs12.h. + - Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h, + ecp.h, rsa.h. + The cryptographic mechanisms remain present, but they will only be + accessible via the PSA API (psa_xxx functions introduced in + Mbed TLS 2.17.0) and, where relevant, PK.