author Gilles Peskine <Gilles.Peskine@arm.com> 2024-04-30 14:25:30 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> 2024-04-30 16:20:20 +0200
commit ff3b8211ffb9c4231e21bd452dd0426a248587a5
tree e947963ca30864a0a6af05e68edcf6f124dc1854 /docs
parent 6191f4aeb567beb356eee03c984950f0cb10a559
Driver-only FFDH is not good enough for DHE support in TLS 1.2
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Diffstat (limited to 'docs')
-rw-r--r-- docs/driver-only-builds.md | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index 4095d8e..5d950b0 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -277,6 +277,11 @@ The same holds for the associated algorithm:
`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
removing builtin support (i.e. `MBEDTLS_DHM_C`).
+Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
+Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer
+of Mbed TLS only supports DHE cipher suites if built-in FFDH
+(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
RSA
---
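
Review bot: The added paragraph says "only supports DHE cipher suites" without naming the protocol version, while the commit subject scopes the limitation to TLS 1.2. Consider writing "DHE cipher suites in TLS 1.2" on the line beginning "of Mbed TLS only supports DHE cipher suites", so the document carries that scope without the commit message. It would also help to spell out the practical consequence for this section: a build that accelerates FFDH and removes `MBEDTLS_DHM_C` ends up with no DHE cipher suites in the TLS layer, which someone configuring a driver-only build could otherwise miss until a handshake fails to negotiate them.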