Emulator Issues #13666
closedAllow compilation against mbedtls 3.x
0%
Description
A few weeks ago, mbedtls 3.6 made its way to Debian unstable, breaking the build of dolphin-emu.
In https://bugs.dolphin-emu.org/issues/13124, this had been already reported, and while initially the plan was to update dolphin to drop support for mbedtls 2.x and move to 3.x, in the end the applied fix was just the opposite.
While mbedtls 3.x doesn't bring anything interesting to Dolphin per se, making it possible to compile against the latest released branch of mbedtls is important for the un-vendoring efforts of some downstream distributions like Debian. Un-vendoring security-sensitive libraries like mbedtls is specially important in the case a vulnerability against it is discovered and patched, as it avoids having to patch & recompile unrelated source packages.
Thanks for considering!
Updated by OatmealDome about 2 months ago
- Is duplicate of Emulator Issues #13560: Please switch to MbedTLS 3.6 added
Updated by JosJuice about 2 months ago
- Relates to maintainability changed from No to Yes
Updated by OatmealDome about 2 months ago
- Status changed from New to Duplicate
We are currently unable to switch to mbedtls 3.x as it drops support for SSL3: https://github.com/dolphin-emu/dolphin/pull/12246
Relevant comment: "The reason why such low security standard was chosen is due to the Wii hardware limitation. Games/programs relying on the Wii's IOS SSL module can't use some SSL algorithms/versions nor modern TLS features. Enabling/enforcing higher security standard might make some games and servers unreachable since they support these legacy features."
I believe someone else who works on Debian opened a bug report for this, so I'll mark this as a duplicate of that.