change(mbedtls): update mbedTLS default configs

1. Disables MBEDTLS_ARIA_C by default
2. SECP192R1 support is disabled by default
Ashish Sharma
2026-01-22 15:39:03 +08:00
parent fff49a4555
commit 08f02b0faa
4 changed files with 15 additions and 4 deletions
+4 -1
@@ -868,7 +868,7 @@ menu "mbedTLS"
config MBEDTLS_ARIA_C
bool "ARIA block cipher"
default y
default n
config MBEDTLS_CAMELLIA_SMALL_MEMORY
bool "Use small memory implementation of Camellia"
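Review bot: `default n` on `config MBEDTLS_ARIA_C` is what Kconfig already assumes for a `bool` with no default line, so it can be dropped unless the file's convention is to spell defaults out. Since any project that never set this symbol explicitly loses ARIA on its next reconfigure, the option's help text is a good place to say that it is off by default and must be enabled by applications that negotiate ARIA suites.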
@@ -1272,6 +1272,7 @@ menu "mbedTLS"
help
Enable hardware accelerated ECDSA peripheral to verify signature
on curve SECP192R1 and SECP256R1 in mbedTLS.
Note that SECP192R1 support is disabled by default.
menu "Enable Software Countermeasure for ECDSA signing using on-chip ECDSA peripheral"
depends on MBEDTLS_HARDWARE_ECDSA_SIGN
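Review bot: the sentence added to the ECDSA verify help text reads as a contradiction of the line above it: the option is described as verifying on SECP192R1 and SECP256R1, then the note says SECP192R1 is disabled by default without naming what enables it. Suggest naming the switch (the migration note in this commit points at `PSA_WANT_ECC_SECP_R1_192`) and documenting what verification of a P-192 signature does while the curve is off.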
@@ -1312,6 +1313,7 @@ menu "mbedTLS"
help
Enable hardware accelerated ECDSA peripheral to sign data
on curve SECP192R1 and SECP256R1 in mbedTLS.
Note that SECP192R1 support is disabled by default.
Note that for signing, the private key has to be burnt in an efuse key block
with key purpose set to ECDSA_KEY.
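Review bot: in the ECDSA sign help text the new note sits directly before the efuse requirement, and the two interact: a device whose ECDSA_KEY efuse block already holds a SECP192R1 key would no longer sign with default settings. Suggest stating that explicitly here and pointing to how the curve is re-enabled, because the key is burnt in efuse and the user's only remedy is configuration.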
@@ -1332,6 +1334,7 @@ menu "mbedTLS"
help
Enable hardware accelerated ECC point multiplication and point verification for points
on curve SECP192R1 and SECP256R1 in mbedTLS
Note that SECP192R1 support is disabled by default.
config MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK
bool "Fallback to software implementation for curves not supported in hardware"
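Review bot: the context line `on curve SECP192R1 and SECP256R1 in mbedTLS` has no closing period, so the added note runs on from it in the rendered help; add the period while touching this text. It would also help to state whether `MBEDTLS_ECC_OTHER_CURVES_SOFT_FALLBACK`, defined right below, has any effect on SECP192R1 once the curve is disabled, or whether operations on it simply fail.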
@@ -92,7 +92,7 @@ CONFIG_MBEDTLS_SSL_PROTO_DTLS=n
# Symmetric Ciphers
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_CAMELLIA_C=n
CONFIG_MBEDTLS_ARIA_C=y
CONFIG_MBEDTLS_ARIA_C=n
CONFIG_MBEDTLS_DES_C=n
CONFIG_MBEDTLS_CCM_C=y
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
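Review bot: with `CONFIG_MBEDTLS_ARIA_C=n` in the preset, nothing visible in this commit still builds ARIA, so the ARIA code path loses its default build coverage. If ARIA stays a supported opt-in, at least one test or CI configuration should set `CONFIG_MBEDTLS_ARIA_C=y` explicitly so it keeps compiling.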
@@ -60,8 +60,6 @@
*/
#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
#define PSA_WANT_ECC_SECP_R1_192 1
/**
* \name SECTION: System support
*
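Review bot: removing `#define PSA_WANT_ECC_SECP_R1_192 1` outright leaves no configuration switch for the curve; the migration note tells users to define the macro themselves, but nothing in this header or in the Kconfig hunks offers a place to do that. Suggest gating the define behind a Kconfig symbol that defaults to n, so the hardware ECDSA and ECC options that still advertise SECP192R1 have a supported way to turn it on.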
@@ -60,6 +60,16 @@ ESP-IDF v6.0 updates to Mbed TLS v4.0, where **PSA Crypto is the primary cryptog
- 41084
- 4.97
Default configuration changes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Note: The default Mbed TLS configuration in ESP-IDF v6.0 has been tightened for security and footprint:
- ``MBEDTLS_ARIA_C`` is disabled by default. Applications that rely on ARIA must explicitly enable it in ``menuconfig`` (Component config -> mbedTLS) or by customizing ``components/mbedtls/config/mbedtls_preset_default.conf``.
- Support for ``secp192r1`` is disabled by default, consistent with the removal of support for elliptic curves smaller than 250 bits in certificates and TLS. If an application still requires legacy curve support outside TLS/certificates, it must be enabled explicitly (for example by defining ``PSA_WANT_ECC_SECP_R1_192=1``) and validated for compatibility. Note: this legacy support may be disabled in the next minor ESP-IDF release.
References
^^^^^^^^^^
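Review bot: the intro line `- Note: The default Mbed TLS configuration ...` is itself written as a bullet and ends in a colon, so it needs to be a plain paragraph (or a note directive) with the two items listed under it. The closing `Note: this legacy support may be disabled in the next minor ESP-IDF release` is too vague to plan against; name the release or state that secp192r1 support is deprecated, and say where `PSA_WANT_ECC_SECP_R1_192=1` is expected to be defined.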