In #curl, we are back discussing deprecating TLS libraries without 1.3 support: github.com/curl/curl/pull/1354…
DEPRECATE.md: TLS libraries without 1.3 support by bagder · Pull Request #13544 · curl/curl
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport. Once #13539 ...GitHub
Seirdy reshared this.
SuperIlu
in reply to daniel:// stenberg:// • • •Or does mbedTLS 3.x support TLSv1.3 now? I’ve yet to look into 3.x as I’m using 2.28.x in several projects and AFAIK that does not support TLSv1.3...
daniel:// stenberg://
in reply to SuperIlu • • •mbedtls: support TLS 1.3 by MAntoniak · Pull Request #13539 · curl/curl
GitHubSuperIlu
in reply to daniel:// stenberg:// • • •David Chisnall (*Now with 50% more sarcasm!*)
in reply to daniel:// stenberg:// • • •@dec_hl The version of mBedTLS with 1.3 support is huge. The focus seems to have shifted from Trusted Firmware, where you're running a small codebase at boot time, not tiny embedded systems.
We moved from mBedTLS to BearSSL because recent mBedTLS's new code size is larger than the total amount of RAM on the devices I care about.
Curl is also larger than I'd want to run on these devices (much less than 1 MiB of RAM in total), so that shouldn't be a problem.
I would love to see a from-scratch tiny QUIC library for embedded devices so that we could remove TCP support entirely.
daniel:// stenberg://
in reply to David Chisnall (*Now with 50% more sarcasm!*) • • •