Dear Maren,

Sorry for the very long delay. I don't think you're missing anything; we just haven't implemented RFC 8734 yet.

This is absolutely something we can consider adding in Mbed TLS 4.x, but probably not 3.6.x which, being an LTS branch, should only receive bug fixes and security fixes.

To be candid with you, we have a lot of other things going on, and this seems unlikely to make it to the top of our list soon (unless more people come asking about it), but if you have the bandwidth to open a PR about it, please ping me (mpg on GitHub) and I'll be sure to review it!

Best regards,
Manuel.


From: Maren Konrad via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 12 November 2024 12:50
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] TLS 1.3 and brainpool curves
 
Dear MbedTLS maintainers,

we are already using MBedTLS, however, we recently enabled TLS 1.3 and
found that our certificates don't work anymore, because they are
brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the
question would be, if I missed any configuration to enable the usage of
brainpool curves (which are working for TLS 1.2) or if there are any
plans that these are getting supported by MBedTLS 3.6.x?

Best regards,

Maren Konrad