diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index dd94644b5..3911141ae 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -409,7 +409,7 @@ Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()` instead, which also provides such upper bounds but takes more factors than just the MFL configuration into account. -### Change MBEDTLS_ECP_FIXED_POINT_OPTIM behavior +### Change `MBEDTLS_ECP_FIXED_POINT_OPTIM` behavior The option `MBEDTLS_ECP_FIXED_POINT_OPTIM` now increase code size and it does not increase peak RAM usage anymore. @@ -419,7 +419,7 @@ to `0` in your config file. The impact depends on the number and size of enabled curves. For example, for P-256 the difference is 1KB; see the documentation of this option for details. -### Replaced MBEDTLS_SHA512_NO_SHA384 with MBEDTLS_SHA384_C +### Replaced `MBEDTLS_SHA512_NO_SHA384` with `MBEDTLS_SHA384_C` This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is @@ -519,7 +519,7 @@ RSA verification functions also no longer take random generator arguments (this was only needed when using a private key). This affects all applications using the RSA verify functions. -### Remove the SSL API mbedtls_ssl_get_session_pointer() +### Remove the SSL API `mbedtls_ssl_get_session_pointer()` This affects two classes of users: @@ -585,7 +585,7 @@ They are already niche or obsolete and most of them are weak or broken. For those reasons possible users should consider switching to modern and safe alternatives to be found in literature. -### Remove MBEDTLS_SSL_DTLS_BADMAC_LIMIT option +### Remove `MBEDTLS_SSL_DTLS_BADMAC_LIMIT` option This change does not affect users who used the default `mbedtls_config.h`, as the option MBEDTLS_SSL_DTLS_BADMAC_LIMIT was already on by default. @@ -663,7 +663,7 @@ other trusted sources instead. The file `include/mbedtls/net.h` was removed because its only function was to include `mbedtls/net_sockets.h` which now should be included directly. -### Remove MBEDTLS_CHECK_PARAMS option +### Remove `MBEDTLS_CHECK_PARAMS` option This change does not affect users who use the default configuration; it only affects users who enabled that option. @@ -696,7 +696,7 @@ because the parameters concerned are usually constants in applications. For more information see issue #4313. -### Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default +### Remove `MBEDTLS_SSL_RECORD_CHECKING` option and enable its action by default This change does not affect users who use the default mbedtls_config.h, as the option MBEDTLS_SSL_RECORD_CHECKING was already on by default. @@ -815,7 +815,7 @@ To use PKCS#1 v1.5 padding, instead of mbedtls_rsa_init(ctx); ``` -### Separated MBEDTLS_SHA224_C and MBEDTLS_SHA256_C +### Separated `MBEDTLS_SHA224_C` and `MBEDTLS_SHA256_C` This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA256_C was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are @@ -893,7 +893,7 @@ Migration paths: - all codes of the form `MBEDTLS_ERR_SSL_BAD_HS_XXX` have been replaced by various alternatives. -### Modified semantics of mbedtls_ssl_{get,set}_session() +### Modified semantics of `mbedtls_ssl_{get,set}_session()` This affects users who call `mbedtls_ssl_get_session()` or `mbedtls_ssl_set_session()` multiple times on the same SSL context @@ -923,7 +923,7 @@ Migration path: calls. Applications achieve equivalent functional behavior by issuing only the very last call to `mbedtls_ssl_set_session()`. -### Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option +### Turn `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` configuration option into a runtime option This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE option in the `mbedtls_config.h`