1## Removed features 2 3### Removal of obsolete key exchanges methods in (D)TLS 1.2 4 5Mbed TLS 4.0 no longer supports key exchange methods that rely on finite-field Diffie-Hellman (DHE) in TLS 1.2 and DTLS 1.2. (Only ephemeral Diffie-Hellman was ever supported, Mbed TLS 3.x already did not support static Diffie-Hellman.) Finite-field Diffie-Hellman remains supported in TLS 1.3. 6 7Mbed TLS 4.0 no longer supports key exchange methods that rely on RSA decryption (without forward secrecy). RSA signatures remain supported. This affects TLS 1.2 and DTLS 1.2 (TLS 1.3 does not have key exchanges using RSA decryption). 8 9That is, the following key exchange types are no longer supported: 10 11* RSA-PSK; 12* RSA (i.e. cipher suites using only RSA decryption: cipher suites using RSA signatures remain supported); 13* DHE-PSK (except in TLS 1.3); 14* DHE-RSA (except in TLS 1.3). 15 16The full list of removed cipher suites is: 17 18``` 19TLS-DHE-PSK-WITH-AES-128-CBC-SHA 20TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 21TLS-DHE-PSK-WITH-AES-128-CCM 22TLS-DHE-PSK-WITH-AES-128-CCM-8 23TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 24TLS-DHE-PSK-WITH-AES-256-CBC-SHA 25TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 26TLS-DHE-PSK-WITH-AES-256-CCM 27TLS-DHE-PSK-WITH-AES-256-CCM-8 28TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 29TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 30TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 31TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 32TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 33TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 34TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 35TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 36TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 37TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 38TLS-DHE-PSK-WITH-NULL-SHA 39TLS-DHE-PSK-WITH-NULL-SHA256 40TLS-DHE-PSK-WITH-NULL-SHA384 41TLS-DHE-RSA-WITH-AES-128-CBC-SHA 42TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 43TLS-DHE-RSA-WITH-AES-128-CCM 44TLS-DHE-RSA-WITH-AES-128-CCM-8 45TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 46TLS-DHE-RSA-WITH-AES-256-CBC-SHA 47TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 48TLS-DHE-RSA-WITH-AES-256-CCM 49TLS-DHE-RSA-WITH-AES-256-CCM-8 50TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 51TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 52TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 53TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 54TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 55TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA 56TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 57TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 58TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA 59TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 60TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 61TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 62TLS-RSA-PSK-WITH-AES-128-CBC-SHA 63TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 64TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 65TLS-RSA-PSK-WITH-AES-256-CBC-SHA 66TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 67TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 68TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 69TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 70TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 71TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 72TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 73TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 74TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 75TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 76TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 77TLS-RSA-PSK-WITH-NULL-SHA 78TLS-RSA-PSK-WITH-NULL-SHA256 79TLS-RSA-PSK-WITH-NULL-SHA384 80TLS-RSA-WITH-AES-128-CBC-SHA 81TLS-RSA-WITH-AES-128-CBC-SHA256 82TLS-RSA-WITH-AES-128-CCM 83TLS-RSA-WITH-AES-128-CCM-8 84TLS-RSA-WITH-AES-128-GCM-SHA256 85TLS-RSA-WITH-AES-256-CBC-SHA 86TLS-RSA-WITH-AES-256-CBC-SHA256 87TLS-RSA-WITH-AES-256-CCM 88TLS-RSA-WITH-AES-256-CCM-8 89TLS-RSA-WITH-AES-256-GCM-SHA384 90TLS-RSA-WITH-ARIA-128-CBC-SHA256 91TLS-RSA-WITH-ARIA-128-GCM-SHA256 92TLS-RSA-WITH-ARIA-256-CBC-SHA384 93TLS-RSA-WITH-ARIA-256-GCM-SHA384 94TLS-RSA-WITH-CAMELLIA-128-CBC-SHA 95TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 96TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 97TLS-RSA-WITH-CAMELLIA-256-CBC-SHA 98TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 99TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 100TLS-RSA-WITH-NULL-MD5 101TLS-RSA-WITH-NULL-SHA 102TLS-RSA-WITH-NULL-SHA256 103``` 104 105As a consequence of the removal of support for DHE in (D)TLS 1.2, the following functions are no longer useful and have been removed: 106 107``` 108mbedtls_ssl_conf_dh_param_bin() 109mbedtls_ssl_conf_dh_param_ctx() 110mbedtls_ssl_conf_dhm_min_bitlen() 111``` 112