README.mbedtls

This version of OpenVPN has mbed TLS support. To enable, follow the
instructions below:

To build and install,

	./configure --with-crypto-library=mbedtls
	make
	make install

This version requires mbed TLS version >= 2.0.0 or >= 3.2.1.

*************************************************************************

Due to limitations in the mbed TLS library, the following features are missing
in the mbed TLS version of OpenVPN:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate tracking

*************************************************************************

Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled
support in OpenVPN because the TLS-Exporter function is not yet implemented.