I recommend people avoid using #mbedTLS for #curl
github.com/curl/curl/pull/1307…
mbedtls: properly cleanup the thread-shared entropy by jay · Pull Request #13071 · curl/curl
Store the state of the thread-shared entropy for global init/cleanup. Use curl's thread support of mbedtls for all Windows builds instead of just when the threaded resolver is used via USE_THREAD...
hidden
in reply to daniel:// stenberg://
Hmm, that's a bit harsh... mbedtls is under active development and quite used in iot projects.
And it does have TLS1.3 support: github.com/Mbed-TLS/mbedtls/bl…
daniel:// stenberg://
in reply to hidden
🔗 David Sommerseth
in reply to hidden
@hidden
TL;DR: ... I fully understand that projects are ditching mbed TLS these days. It's generally not moving fast enough forward and lingering behind on important standards and even lacking support for features OpenSSL users take for granted.
Longer read ...
We've just recently been through similar challenges in OpenVPN projects too. We've recently added support for mbedtls-3.0 and newer, which was held back due to licensing issues; Apache 2.0 and GPL have some challenges.
The TLS 1.3 support is at best not feature complete. They even state so themselves: github.com/Mbed-TLS/mbedtls/pu…
To my knowledge, not much has happened since this time.
Yes, mbed TLS development has improved over the last years. But it's essentially not moving fast enough; their backlog is just too overwhelming. Considering it even performs a lot worse than OpenSSL (especially on CPUs with accelerators available), the performance gap is just giving any reasons to look at mbed TLS any more. And it even has a general feature gap compared to what OpenSSL is capable of as well. Unfortunately.
PolarSSL (before it got acquired by ARM and the mbed organisation) had some progress and moved forward. And at that time, OpenSSL was not properly funded.
Now OpenSSL is properly funded, better organised and has paid staff managing and developing the project. So the tables have turned. mbed TLS moves very slowly forward (feels understaffed) ... So OpenSSL seems now to be in a far better position than mbed TLS is.
Define TLS 1.3 MVP and document coding rules by ronald-cron-arm · Pull Request #4963 · Mbed-TLS/mbedtls
daniel:// stenberg://
in reply to 🔗 David Sommerseth
Wyatt O'Day
in reply to daniel:// stenberg://