macOS
brew install mbedtls@3local Homebrew formula metadata
sudo port install mbedtls3MacPorts ports tree · devel/mbedtls3/Portfile · source: api.github.com
brew
Cryptographic & SSL/TLS library. Version 3.6.7 via Homebrew; verified 2026-07-07.
install
brew install mbedtls@3local Homebrew formula metadata
sudo port install mbedtls3MacPorts ports tree · devel/mbedtls3/Portfile · source: api.github.com
sudo apk add mbedtls3Alpine Linux edge package indexes · mbedtls3 · source: dl-cdn.alpinelinux.org
sudo pacman -S mbedtls3Arch Linux sync databases · mbedtls3 · source: geo.mirror.pkgbuild.com
sudo apt install libmbedcrypto16Debian stable package indexes · libmbedcrypto16 · source: deb.debian.org
sudo dnf install mbedtlsFedora Rawhide package metadata · mbedtls · source: dl.fedoraproject.org
nix profile install nixpkgs#mbedtlsnixpkgs package indexes · pkgs/by-name/mb/mbedtls/package.nix · source: api.github.com
sudo apt install libmbedcrypto7t64Ubuntu 24.04 LTS package indexes · libmbedcrypto7t64 · source: archive.ubuntu.com
sudo zypper install libeverestopenSUSE Tumbleweed package metadata · libeverest · source: download.opensuse.org
overview
Cryptographic & SSL/TLS library
history
Mbed TLS is a C cryptography and SSL/TLS library aimed at embedded and constrained systems, but it is also packaged broadly as a general-purpose TLS stack for Unix-like systems. Homebrew's mbedtls@3 formula tracks the 3.x major series, whose API and configuration model matter to downstream packages that have not moved to later ABI lines.
The project began as PolarSSL and became Mbed TLS under Arm's Mbed ecosystem before moving into the TrustedFirmware.org family. Its official documentation describes a small, portable TLS and cryptography implementation with build-time configuration through headers such as mbedtls_config.h, which is why distribution packages expose both libraries and a set of diagnostic and test command-line programs.
Mbed TLS 3.0.0 was the major compatibility break for the 3.x line: the release removed deprecated APIs and pushed users toward the PSA Crypto interfaces. Later 3.x releases, especially the 3.6 long-term-support branch, became important for packagers because they offered a stable line for applications that needed Mbed TLS 3 rather than the newer major series.
The package is widely present across Unix package managers, including Homebrew, Debian/Ubuntu, Fedora, Alpine, Arch, MacPorts, Nix, and openSUSE package names listed in the input metadata. That spread reflects Mbed TLS's role as a dependency for embedded tooling, network software, and projects that want a compact TLS implementation instead of OpenSSL.
For package managers, mbedtls@3 is specifically useful as a parallel-installable major version. It lets downstream formulae and ports continue building against the 3.x ABI while other consumers migrate on their own schedule.
Most users consume Mbed TLS as C libraries and headers rather than as an end-user CLI. The installed example and utility programs, such as mbedtls-selftest, mbedtls-benchmark, ssl_client, ssl_server, cert_app, and key_app, are useful for smoke tests, performance checks, and certificate/key experiments.
Configuration is traditionally handled at build time through include/mbedtls/mbedtls_config.h or an alternate MBEDTLS_CONFIG_FILE. That makes the package unusually sensitive to distribution build flags, enabled algorithms, and ABI compatibility.
Mbed TLS is package-nerd relevant because it is both a library dependency and a security-sensitive ABI surface. Its major-versioned Homebrew formula records the practical reality that TLS libraries cannot always be upgraded in lockstep across an ecosystem.
The 3.x line is also a useful marker for the PSA Crypto transition in C cryptography libraries: package maintainers care which consumers use legacy Mbed TLS APIs, which use PSA APIs, and which need LTS security backports.
security posture
No matching local secret-handling manifest was found for mbedtls@3. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
include/mbedtls/mbedtls_config.hexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cipher_aead_demo | cli | global executable | |
crypt_and_hash | cli | global executable | |
dh_client | cli | global executable | |
dh_genprime | cli | global executable | |
dh_server | cli | global executable | |
ecdh_curve25519 | cli | global executable | |
ecdsa | cli | global executable | |
gen_entropy | cli | global executable | |
gen_key | cli | global executable | |
gen_random_ctr_drbg | cli | global executable | |
generic_sum | cli | global executable | |
key_app | cli | global executable | |
key_app_writer | cli | global executable | |
mbedtls-benchmark | cli | global executable | |
mbedtls-selftest | cli | global executable | |
md_hmac_demo | cli | global executable | |
pk_decrypt | cli | global executable | |
pk_encrypt | cli | global executable | |
pk_sign | cli | global executable | |
pk_verify | cli | global executable | |
rsa_decrypt | cli | global executable | |
rsa_encrypt | cli | global executable | |
rsa_genkey | cli | global executable | |
rsa_sign | cli | global executable | |
rsa_sign_pss | cli | global executable | |
rsa_verify | cli | global executable | |
rsa_verify_pss | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/Mbed-TLS/mbedtls
install metadata
| Package key | brew:mbedtls@3 |
|---|---|
| Version | 3.6.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/mbedtls@3 |
| Homepage | https://www.trustedfirmware.org/projects/mbed-tls/ |
| Repository | https://github.com/Mbed-TLS/mbedtls |
| Upstream docs | https://mbed-tls.readthedocs.io/en/latest |
| License | Apache-2.0 |
| Source archive | https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-3.6.7/mbedtls-3.6.7.tar.bz2 |
| Last updated | 2026-07-07T16:38:54Z |
| Pulse | updated |
| Build dependencies | cmake |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | mbedtls@3 |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | yes |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
mbedtls3
sudo port install mbedtls3mbedtls3 3.6.6-r0
Light-weight cryptographic and SSL/TLS library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apk add mbedtls3mbedtls3-dev 3.6.6-r0
Light-weight cryptographic and SSL/TLS library (development files)
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apk add mbedtls3-devmbedtls3-static 3.6.6-r0
Light-weight cryptographic and SSL/TLS library (static library)
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apk add mbedtls3-staticmbedtls3-utils 3.6.6-r0
Utilities for mbedtls (including gen_key / cert_write)
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apk add mbedtls3-utilsmbedtls3 3.6.6-1
An open source, portable, easy to use, readable and flexible TLS library
sudo pacman -S mbedtls3libmbedcrypto16 3.6.5-0.1~deb13u1
lightweight crypto and SSL/TLS library - crypto library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedcrypto16libmbedtls-dev 3.6.5-0.1~deb13u1
lightweight crypto and SSL/TLS library - development files
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls-devlibmbedtls-doc 3.6.5-0.1~deb13u1
lightweight crypto and SSL/TLS library - documentation
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls-doclibmbedtls21 3.6.5-0.1~deb13u1
lightweight crypto and SSL/TLS library - tls library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls21libmbedx509-7 3.6.5-0.1~deb13u1
lightweight crypto and SSL/TLS library - x509 certificate library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedx509-7mbedtls
nix profile install nixpkgs#mbedtlslibmbedcrypto7t64 2.28.8-1
lightweight crypto and SSL/TLS library - crypto library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedcrypto7t64libmbedtls-dev 2.28.8-1
lightweight crypto and SSL/TLS library - development files
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls-devlibmbedtls-doc 2.28.8-1
lightweight crypto and SSL/TLS library - documentation
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls-doclibmbedtls14t64 2.28.8-1
lightweight crypto and SSL/TLS library - tls library
https://www.trustedfirmware.org/projects/mbed-tls/
sudo apt install libmbedtls14t64source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.