Trusted Firmware Logo

MBed TLS v3.2.1 - PSA Crypto, TLS1.3, Acceleration and More!

Shebu Kuriakose| Wednesday, July 13, 2022|3 min read


Mbed TLS project has released v3.2.1 and v2.28.1 LTS this week. v3.2.1 was done soon after v3.2.0 to include a missing file. Being the development release since December last year, v3.2.1 includes several enhancements, bug fixes and security fixes. v2.28.1 released from Mbed TLS 2.28 Long Time Support (LTS) branch includes latest bug fixes and security fixes.

Refer to the release notes for a complete list of changes in the releases. Here are some of the highlights of v3.2.1:


  1. Usability Improvements: As part of improving the usability of Mbed TLS 3.1 and 3.2 releases, several accessor functions, public getter APIs to access certain private fields in structures, and converting private fields in structures to public are included. The specific changes can be found in the release notes

  2. TLS/X.509 using PSA Crypto APIs: Mbed TLS project provides a reference implementation of the PSA Crypto APIs. Mbed TLS 3.1 onwards include implementation of all essential PSA Crypto v1.0 APIs, and pass the PSA Crypto API compliance test suite.

    Earlier only a limited subset of crypto operations in TLS, X.509 and PK used PSA Crypto APIs using the MBEDTLS_USE_PSA_CRYPTO config option. In Mbed TLS 3.2.1, most of the crypto operations are done using PSA Crypto APIs with a few exceptions. Refer here for list of exceptions

  3. TLS 1.3 Enhancements: Mbed TLS 3.1 release included a minimum viable implementation of TLS 1.3 which provided limited client side support. Several new features including server side support (ephemeral key establishment only), client authentication, client side TLS version negotiation, building Mbed TLS only with TLS 1.3 without TLS 1.2 support etc are included. Refer here for details.

  4. Acceleration: Improved performance of SHA-2 algorithm on Armv8 platforms by enabling SHA-2 acceleration instructions when building for Aarch64. SHA-256 is 7.5x faster and SHA-512 is 4.5x faster than in Mbed TLS 3.1.

What’s Next?

During H2’2022, focus will remain on some of the remaining areas of TLS and X.509 using PSA Crypto such as allowing isolation of long term secrets, TLS and X.509 working when library built without software implementations of crypto operations if crypto hardware supports those operations etc. TLS 1.3 enhancements such as PSK support, EC J-PAKE PSA API implementation are also areas the project plans to spend time on. Look at the project roadmap for further details.

We welcome community participation in ongoing and future work items in the project that can be found here. Subscribe to the mailing list to start participating in the design and development of the project. The bi-weekly Mbed TLS Technical Forums are also an opportunity to understand major developments in the project.

Recent Posts

post image
MISRA Compliance Jumpstart

Monday, October 30, 2023

White Paper: Jumpstarting MISRA compliance via the integration of static analysis into Open Source CI systems: best practices and key elements from

post image
MCUboot v2.0.0 Release!

Monday, October 30, 2023

MCUboot v2.0.0 Release

post image
Trusted Firmware OP TEE Release 4.0.0

Friday, October 20, 2023

Trusted Firmware OP TEE: v4.0.0 Release

post image
MBed TLS 3.5.0 Released with new and smaller ECC implementation!

Thursday, October 19, 2023

Introduction The Mbed TLS project has released version 3.5.0 in October 2023. The release includes several code size optimizations including a new small footprint secp256r1 implementation accessible via PSA Crypto APIs. 3.5.0 also includes feature enhancements, bug fixes and security fixes. 2.28.5 released from the Mbed TLS...

post image
Trusted Services 1.0.0 released!

Friday, October 13, 2023

Introduction Building on the Beta version of the Trusted Services release, v1.0.0 is the first stable release of the project. The release comprises PSA Services that can be deployed on Cortex-A devices to meet PSA Certified requirements and, necessary build and test infrastructure and documentation.