ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard
verified publisher icon owasp-modsecurity

Mbed TLS 4.x Compatibility Update

Open Easton97-Jens opened this issue 1 month ago • 1 comments

Hi all,

I tried to analyze this issue and propose a possible fix using an AI-assisted approach. For transparency: I am not a professional programmer, and this contribution is meant purely as a helpful starting point / discussion basis, not as a final or authoritative solution. Based on this, I created an initial draft patch / pull request and would appreciate your feedback.

What I did:

Updated the build logic to reflect the changed file/layout structure in Mbed TLS 4.x (e.g. library/base64.c is no longer present there).

Removed Linux 32-bit support.

Temporarily disabled Windows support.

Split the build.sh into separate scripts for macOS and Linux, so I can test the builds in a more system-specific way.

With the Linux setup, Mbed TLS 4.x can now be compiled directly.

With these changes, the build proceeds further. However, since I do not have deep technical expertise in this area, I cannot fully validate the solution myself and I am strongly relying on feedback, corrections, and guidance from the community.

All relevant sources and dependencies were updated to their latest available versions as part of this change.

On Linux, the libmbedtls-dev package is required, and on macOS the mbedtls package (e.g. via Homebrew). Alternatively, Mbed TLS can also be built from source on Linux, which is handled in build_on_linux.

Open questions:

Are you open to a community contribution supporting Mbed TLS 4.x in ModSecurity v3?

If so, which branch would be preferred (a separate branch due to possible breaking changes vs. direct merge into main)?

Should the documentation explicitly clarify which Mbed TLS versions are officially supported?

I’m providing this patch as a form of assistance only and I’m very grateful for any corrections, suggestions, or improvements.

Resolves #3450

Thanks and best regards, Steinbacher

Easton97-Jens avatar Dec 09 '25 19:12 Easton97-Jens

Quality Gate Passed Quality Gate passed

Issues
8 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Dec 16 '25 10:12 sonarqubecloud[bot]