Document backward compatibility promises for the default TLS profile
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b38bd72..4000369 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2918,6 +2918,14 @@
* ECDHE-only curves selected according to the same criteria.
* The order favors curves with the lowest resource usage.
*
+ * \note New minor versions of Mbed TLS may extend this list,
+ * for example if new curves are added to the library.
+ * New minor versions of Mbed TLS will not remove items
+ * from this list unless serious security concerns require it.
+ * New minor versions of Mbed TLS may change the order in
+ * keeping with the general principle of favoring the lowest
+ * resource usage.
+ *
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
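Review bot: The new \note in the curves documentation says the default list may be extended and reordered in a minor version, but it does not tell an application that needs a fixed set of curves what to do about it. An upgrade can then silently change which curves a peer is able to negotiate. Consider adding a sentence stating that applications requiring a stable set or order should pass an explicit list through the curves parameter instead of relying on the default. The phrase "serious security concerns" is also left undefined; it would help to say where such a removal will be announced so that integrators know where to look when upgrading.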
@@ -2947,6 +2955,11 @@
* The preference order is currently unspecified and may
* change in future versions.
*
+ * \note New minor versions of Mbed TLS may extend this list,
+ * for example if new curves are added to the library.
+ * New minor versions of Mbed TLS will not remove items
+ * from this list unless serious security concerns require it.
+ *
* \param conf SSL configuration
* \param hashes Ordered list of allowed signature hashes,
* terminated by \c MBEDTLS_MD_NONE.
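Review bot: The \note added to the signature hashes documentation reads "for example if new curves are added to the library", which looks copied from the curves hunk above; this comment documents the hashes parameter ("Ordered list of allowed signature hashes"), so the example should refer to new hash algorithms. Omitting the sentence about order changes is consistent with the existing context line stating that the preference order is unspecified. As with the curves note, consider stating that callers who need a fixed set should supply their own list.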