Project

General

Profile

Actions

Emulator Issues #13666

closed

Allow compilation against mbedtls 3.x

Added by jordi about 2 months ago. Updated about 2 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
% Done:

0%

Operating system:
N/A
Issue type:
Bug
Milestone:
Regression:
No
Relates to usability:
No
Relates to performance:
No
Easy:
No
Relates to maintainability:
Yes
Regression start:
Fixed in:

Description

A few weeks ago, mbedtls 3.6 made its way to Debian unstable, breaking the build of dolphin-emu.

In https://bugs.dolphin-emu.org/issues/13124, this had been already reported, and while initially the plan was to update dolphin to drop support for mbedtls 2.x and move to 3.x, in the end the applied fix was just the opposite.

While mbedtls 3.x doesn't bring anything interesting to Dolphin per se, making it possible to compile against the latest released branch of mbedtls is important for the un-vendoring efforts of some downstream distributions like Debian. Un-vendoring security-sensitive libraries like mbedtls is specially important in the case a vulnerability against it is discovered and patched, as it avoids having to patch & recompile unrelated source packages.

Thanks for considering!


Related issues 1 (1 open0 closed)

Is duplicate of Emulator - Emulator Issues #13560: Please switch to MbedTLS 3.6Accepted

Actions
Actions #1

Updated by OatmealDome about 2 months ago

Actions #2

Updated by JosJuice about 2 months ago

  • Relates to maintainability changed from No to Yes
Actions #3

Updated by OatmealDome about 2 months ago

  • Status changed from New to Duplicate

We are currently unable to switch to mbedtls 3.x as it drops support for SSL3: https://github.com/dolphin-emu/dolphin/pull/12246

Relevant comment: "The reason why such low security standard was chosen is due to the Wii hardware limitation. Games/programs relying on the Wii's IOS SSL module can't use some SSL algorithms/versions nor modern TLS features. Enabling/enforcing higher security standard might make some games and servers unreachable since they support these legacy features."

I believe someone else who works on Debian opened a bug report for this, so I'll mark this as a duplicate of that.

Actions

Also available in: Atom PDF