Why OpenVPN3 uses mbedTLS 2.28.4, when >3 versions are available

[shyamsundar87]

According to https://ciphersuite.info/ only TLS1.3 inclusive ciphers seem to be recommended.
So why does OpenVPN doesnt upgrade to recent TLS versions.

[schwabe]

The main focus of OpenVPN 3.x library is OpenSSL nowadays. But I think mbed TLS 3.x should be supported if you build it yourself. But that will not help you with TLS 1.3.

For OpenVPN 2.x, which supports mbed TLS 3.x, we have to disable TLS 1.3 since mbed TLS 3.x lacks features (TLS EKM with TLS 1.3) that currently make it impossible to use TLS 1.3 with OpenVPN and mbed TLS 3.x

[schwabe]

Side note: https://ciphersuite.info/cs/?security=recommended includes TLS 1.2 cipher suites like TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

[ordex]

I think @shyamsundar87 is just confused by the naming. TLS1.3 is the protocol version. mbedTLS2.x is the LIBRARY version.

ON top of that read what Arne said above regarding mbedTLS and its limitations.

[shyamsundar87]

Side note: https://ciphersuite.info/cs/?security=recommended includes TLS 1.2 cipher suites like TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ECDHE mostly must be related to Encrypted client hello. But TLS1.2 might include lots of other insecure ciphers as well. Just to include 1 cipher from 1.2, its not wiser to use it as a whole I suppose.

[schwabe]

You are confusing encrypted client hello or ECH with Elliptic Curve Diffie-Hellman Ephemeral (ECDHE).

They are very different things. And that cipher was an example. Of the list actually only the first three cipher suites (TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256) are TLS 1.3 cipher suites.