Hi everyone,
The IETF has recently published RFC 8996, which formally deprecates TLS 1.0, TLS 1.1 and DTLS 1.0 (there is no DTLS 1.1). One of the stated goals of the RFC is to empower maintainers of (D)TLS stacks to remove them from their code base, reducing the maintenance cost and the attack surface at the same time.
This RFC comes right during the time we're preparing a new major version, which is the only time we allow ourselves to remove features. We'd like to take advantage of this opportunity by entirely removing support for TLS 1.0, TLS 1.1 and DTLS 1.0 in Mbed TLS 3.0. (They would obviously stay in our long-term support branches.)
If you find yourself needing support for these versions in Mbed TLS 3.0, now is the time to speak up!
Feel free to discuss this issue on the list or on GitHub, whatever's more convenient for you.
Best regards,
Manuel.