Clarify the TLS 1.3 situation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: 3e83098e0173f625c849956eada978b514d2b065 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed May 11 13:27:44 2022 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jul 04 12:44:32 2022 +0200
tree: bf50e3aa49bba4416f8757fcb1d015f0bcce797d
parent: 103b9929d1bbea9e0e554b9e3abe46ddf086cb73 [diff] [blame]
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e243660..8629721 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -1506,9 +1506,15 @@
  *       1.3 support that this option enables.
  *
  * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ * Note: even though TLS 1.3 depends on PSA Crypto, if you want it to only use
+ * PSA for all crypto operations, you need to also enable
+ * MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 operations, and functions that are
+ * common with TLS 1.2 (record protection, running handshake hash) will still
+ * use non-PSA crypto.
  *
  * Uncomment this macro to enable the support for TLS 1.3.
- *
  */
 //#define MBEDTLS_SSL_PROTO_TLS1_3
commit	3e83098e0173f625c849956eada978b514d2b065	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Wed May 11 13:27:44 2022 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jul 04 12:44:32 2022 +0200
tree	bf50e3aa49bba4416f8757fcb1d015f0bcce797d
parent	103b9929d1bbea9e0e554b9e3abe46ddf086cb73 [diff] [blame]