Update Readme

mobizt · mobizt · commit 186720614d77 · 2025-11-08T18:59:24.000+07:00
diff --git a/README.md b/README.md
@@ -22,10 +22,16 @@ Supports ESP32, ESP8266, RP2040, STM32, SAMD, Teensy, and AVR (with external SRA
     * [📋 Requirements](#-requirements)
 4.  [🧠 Memory Usage Discrepancy Note](#-memory-usage-discrepancy-note)
 5.  [📦 Buffer Configuration Guide](#-buffer-configuration-guide)
-6.  [🧰 Macro Summary](#-macro-summary)
-7.  [🌐 Duplex Mode Guide](#-duplex-mode-guide-when-to-use-half-duplex)
-8.  [🧪 Basic Usage](#-basic-usage)
-9.  [📄 License](#-license)
+    * [🧠 Notes](#-notes)
+6.  [🧪 Basic Usage](#-basic-usage)
+7.  [🧰 API Highlights](#-api-highlights)
+8.  [🔬 Performance Profile Summary (Insecure Mode)](#-performance-profile-summary-insecure-mode)
+9.  [🧠 Memory Expansion Guide (AVR)](#-memory-expansion-guide-avr)
+10.  [🧰 Macro Summary](#-macro-summary)
+11.  [🌐 Duplex Mode Guide: When to Use Half-Duplex](#-duplex-mode-guide-when-to-use-half-duplex)
+12.  [🧪 Diagnostic Tips](#-diagnostic-tips)
+13.  [📊 Supported Algorithms](#-supported-algorithms)
+14.  [📄 License](#-license)
 
 ---
 
@@ -34,6 +40,7 @@ Supports ESP32, ESP8266, RP2040, STM32, SAMD, Teensy, and AVR (with external SRA
 - 🛡️ **Secure Data:** Data encryption via BearSSL (native or bundled)
 - **⬆️ Duplex Modes:** Supports **Full-Duplex** (simultaneous RX/TX) and **Half-Duplex** (sequential RX or TX) operation for advanced memory optimization.
 - 🔄 **TLS Upgrade:** Support for protocol negotiation (e.g., STARTTLS)
+- 🌟 **Supported Protocols** TLS1.0, TLS1.1, TLS1.2.
 - 🔐 **Validation:** Full Certificate validation or quick testing via `setInsecure()` mode
 - 🔁 **Runtime Flexibility:** Client switching at runtime via pointer assignment
 - 📦 **Configurable Buffers:** Adjust RX/TX buffer sizes (512–16384 bytes)
@@ -327,6 +334,20 @@ Define these in your main sketch or `platformio.ini` to customize the build.
 
 ---
 
+## 📊 Supported Algorithms
+
+The core BearSSL implementation included in this library supports a comprehensive suite of modern and necessary cryptographic primitives:
+
+| Component | Supported Algorithms |
+| :--- | :--- |
+| **TLS Protocols** | **TLS 1.2, TLS 1.1, TLS 1.0** |
+| **Key Exchange (Kx)** | **ECDHE** (Ephemeral), **ECDH** (Static), **RSA** (Static) |
+| **Authentication (Auth)** | **ECDSA** (Elliptic Curve), **RSA** |
+| **Bulk Encryption** | **AES-128, AES-256, ChaCha20, 3DES** |
+| **Encryption Modes** | **GCM** (Galois/Counter Mode), **CCM** (Counter with CBC-MAC), **CBC** (Cipher Block Chaining) |
+| **Hash Functions** | **SHA-256, SHA-384** (Modern/Required), **SHA1, MD5** (Legacy/Compatibility) |
+---
+
 ## 📄 License
 
 MIT License
diff --git a/src/client/Helper.h b/src/client/Helper.h
@@ -988,6 +988,24 @@ class BearSSL_Session
     br_ssl_session_parameters _session;
 };
 
+/* The "full" profile supports all implemented cipher suites.
+ *
+ * Rationale for suite order, from most important to least
+ * important rule:
+ *
+ * -- Don't use 3DES if AES or ChaCha20 is available.
+ * -- Try to have Forward Secrecy (ECDHE suite) if possible.
+ * -- When not using Forward Secrecy, ECDH key exchange is
+ *    better than RSA key exchange (slightly more expensive on the
+ *    client, but much cheaper on the server, and it implies smaller
+ *    messages).
+ * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller code).
+ * -- GCM is better than CCM and CBC. CCM is better than CBC.
+ * -- CCM is preferable over CCM_8 (with CCM_8, forgeries may succeed
+ *    with probability 2^(-64)).
+ * -- AES-128 is preferred over AES-256 (AES-128 is already
+ *    strong enough, and AES-256 is 40% more expensive).
+ */
 static const uint16_t suites_P[] CONST_IN_FLASH = {
 #ifndef BEARSSL_SSL_BASIC
     BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
