Mbed TLS is now part of TrustedFirmware.org.

Mbed TLS 2.11.0, 2.7.4 and 2.1.13 released


Mbed TLS 2.11.0 has been released!

Maintenance releases for the Mbed TLS 2.7 and 2.1 branches have also been released.

Mbed TLS 2.11.0 adds a number of new features, including additional block modes (OFB, XTS, and CCM*), private key offloading, the ARIA cipher and associated TLS ciphersuite, and HKDF (RFC 5869). Additionally these releases fix a number of outstanding issues. Further details are below and in the ChangeLog for each release.


  • (2.11) Added support for the XTS block cipher mode with AES (AES-XTS). Contributed by Aorimn in pull request #414.

  • (2.11) Implemented the HMAC-based extract-and-expand key derivation function (HKDF) per RFC 5869. Contributed by Thomas Fossati.

  • (2.11) For TLS servers, added support for offloading private key operations to an external cryptoprocessor. Private key operations can be asynchronous to allow non-blocking operation of the TLS server stack.

  • (2.11) Added support for ARIA cipher (RFC 5794) and associated TLS ciphersuites (RFC 6209). ARIA is disabled by default. To enable, see MBEDTLS_ARIA_C in config.h.

  • (2.11) Added support for the CCM* block cipher mode as defined in IEEE Std 802.15.4.

  • (2.11) Added an additional block mode, OFB (Output Feedback) per NIST SP 800-38a, to the AES module and cipher abstraction module.

API Changes

Mbed TLS 2.11.0 maintains source code compatibility with the last minor version, Mbed TLS 2.9.0, but extends the interface with additional capabilities. Mbed TLS 2.11.0 modifies the ABI and increases the SOVERSION.

  • (2.11) We've extended the platform module with a util component that contains functionality shared by multiple Mbed TLS modules. At this stage platform_util.h (and its associated platform_util.c) only contain mbedtls_platform_zeroize(), which is a critical function from a security point of view.

Mbed TLS 2.7.4 and Mbed TLS 2.1.13 maintains binary and source code compatibility with their previous releases in the 2.7 and 2.1 branches.


  • (2.11) Fixed the cert_write example to handle certificates signed with elliptic curves as well as RSA. Fixes #777 found by dbedev.

  • (2.11, 2.7, 2.1) Fixed the redefinition of _WIN32_WINNT, to avoid overriding a definition used by user applications. Found and fixed by Fabio Alessandrelli.

  • (2.11, 2.7, 2.1) Fixed compilation warnings with the IAR toolchain on 32-bit platforms. Reported by rahmanih in #683.

  • (2.11, 2.7, 2.1) Fixed an issue with MicroBlaze support in bn_mul.h which was causing the build to fail. Found by zv-io. Fixes #1651.

  • (2.11, 2.7, 2.1) Fixed braces in mbedtls_memory_buffer_alloc_status(). Found by sbranden in #552.

  • (2.1) Added the macro MBEDTLS_X509_MAX_FILE_PATH_LEN that enables the user to configure the maximum length of a file path that can be buffered when calling mbedtls_x509_crt_parse_path(). Fixes #492.

  • (2.11, 2.7, 2.1) Fixed redundant declaration of mbedtls_ssl_list_ciphersuites. Raised by TrinityTonic in #1359.


  • (2.11, 2.7, 2.1) Changed CMake defaults for IAR to treat all compiler warnings as errors.

  • (2.11, 2.7, 2.1) Added support for TLS testing in out-of-source-tree builds using CMake. Fixes #1193.

Who should update

We recommend all users impacted by the bugs described above should update at an appropriate point in their development lifecycle.

Users of Mbed TLS 2.1 or any earlier version are recommended to upgrade to one of the maintained releases as Mbed TLS 2.1 is nearing its end-of-life.

End of life for Mbed TLS 2.1

Mbed TLS 2.1.0 was first shipped on 4th September 2015, and is nearing the end of its life. Mbed TLS 2.1 will not be supported after Autumn 2018. All users of Mbed TLS 2.1 are advised to upgrade to a later version of Mbed TLS wherever possible. The latest long-term support branch is Mbed TLS 2.7.

Download links

Get your copy here:


The hashes for files/mbedtls-2.11.0-apache.tgz are:

SHA-1: ae84472e9a6d8a80a8d2ac28a0002505ff21248e
SHA-256: 2a87061ad770e6d019b3b9cd27ea42a58bd0affccc4c6bfe4f5f0eee9ebf8aa8

The hashes for files/mbedtls-2.11.0-gpl.tgz are:

SHA-1: 9f762f7b93f84f51bba4081b678be7b7803aee4e
SHA-256: 47b57d472bb42929c1083eab7073e234fa5e37fca0706de53cd80ac71eb9aac6

The hashes for files/mbedtls-2.7.4-apache.tgz are:

SHA-1: 20394e353050992c5f9699da7c9a336bd2ed2dea
SHA-256: 34e164d49500e377970c5f6761a146078baae0e086ec88cdcfeb9c96878a38f5

The hashes for files/mbedtls-2.7.4-gpl.tgz are:

SHA-1: 010e5edf3311c1ee6b53d93adbb5ac861dc623e9
SHA-256: 6d96d950feebec45cf7c994e94485a950e840a2a1bf9bcce189cbab3697c7399

The hashes for files/mbedtls-2.1.13-apache.tgz are:

SHA-1: 1ce75415da87228b92b96169a7fa6b7e2cd8bcae
SHA-256: f40c7189ac7364c5f5c25c136a2dcb51923889e58dad87ba9ff0b629e96dbf8b

The hashes for files/mbedtls-2.1.13-gpl.tgz are:

SHA-1: 02d173bc41d6871e7eaeeb7d8dfcbaffeb5da055
SHA-256: 866bd9b942df6f2a88579a76a12366b2d07d32ec922e4069d726d99d0d6e79ea

Like this?




Last updated:
Sep 12, 2018


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.