Dear Maren,
Sorry for the very long delay. I don't think you're missing anything, we just haven't implemented RFC 8734 yet.
This is absolutely something we can consider adding in Mbed TLS 4.x, but probably not 3.6.x which, being an LTS branch, should only receive bug fixes and security fixes.
To be candid with you, we have a lot of other things going on, and this seems unlikely to make it to the top of our list soon (unless more people come asking about it), but if you have the bandwidth to open a PR about it, please ping me (mpg on github) and I'll be sure to review it!
Best regards, Manuel.
________________________________ From: Maren Konrad via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: 12 November 2024 12:50 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] TLS 1.3 and brainpool curves
Dear MbedTLS maintainers,
we are already using MBedTLS, however, we recently enabled TLS 1.3 and found that our certificates doesn't work anymore, because they are brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the question would be, if I missed any configuration to enable the usage of brainpool curves (which are working for TLS 1.2) or if there are any plans, that these are getting supported by MBedTLS 3.6.x?
Best regards,
Maren Konrad