Update TLS 1.3 support document
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index 2a1faed..f30590b 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -28,9 +28,12 @@
- Mbed TLS does not support DHE key establishment.
- - Mbed TLS does not support pre-shared keys, including any form of
- session resumption. This implies that it does not support sending early
- data (0-RTT data).
+ - Mbed TLS supports pre-shared keys for key establishment, pre-shared keys
+ provisioned externally as well as provisioned via the ticket mechanism.
+
+ - Mbed TLS supports session resumption via the ticket mechanism.
+
+ - Mbed TLS does not support sending or receiving early data (0-RTT data).
- Supported cipher suites: depends on the library configuration. Potentially
all of them:
@@ -54,8 +57,8 @@
| server_certificate_type | no |
| padding | no |
| key_share | YES |
- | pre_shared_key | no |
- | psk_key_exchange_modes | no |
+ | pre_shared_key | YES |
+ | psk_key_exchange_modes | YES |
| early_data | no |
| cookie | no |
| supported_versions | YES |
@@ -118,7 +121,7 @@
| MBEDTLS_SSL_RENEGOTIATION | n/a |
| MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no |
| | |
- | MBEDTLS_SSL_SESSION_TICKETS | no |
+ | MBEDTLS_SSL_SESSION_TICKETS | yes |
| MBEDTLS_SSL_SERVER_NAME_INDICATION | yes |
| MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no |
| | |
@@ -175,8 +178,7 @@
The following parts of the TLS 1.3 prototype remain to be upstreamed:
-- Pre-shared keys, session resumption and 0-RTT data (both client and server
- side).
+- Sending (client) and receiving (server) early data (0-RTT data).
- New TLS Message Processing Stack (MPS)