Clarify that 1.3 is excluded
Don't mention "TLS 1.2 only" for PSK, as that could give the impression
that the other things about TLS are supported beyond 1.2, which isn't
the case currently.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index cdae3a8..af485ce8 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -64,7 +64,7 @@
`mbedtls_x509write_crt_set_issuer_key()`. Use of opaque contexts here probably
works but is so far untested.
-### PSA-held (opaque) keys for TLS 1.2 pre-shared keys (PSK)
+### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
There are two new API functions `mbedtls_ssl_conf_psk_opaque()` and
`mbedtls_ssl_set_hs_psk_opaque()`. Call one of these from an application to
@@ -72,7 +72,7 @@
Benefits: isolation of long-term secrets.
-Limitations: the key can only be used with with TLS 1.2, and only with "pure"
+Limitations: the key can only be used with "pure"
PSK key exchanges (ciphersuites starting with `TLS_PSK_WITH_`), to the
exclusion of RSA-PSK, DHE-PSK and ECDHE-PSK key exchanges. It is the responsibility of
the user to make sure that when provisioning an opaque pre-shared key, the
@@ -154,6 +154,11 @@
This is only a high-level overview, grouped by theme
+TLS: 1.3 experimental support
+-----------------------------
+
+No part of the experimental support for TLS 1.3 is covered at the moment.
+
TLS: key exchanges / asymmetric crypto
--------------------------------------