Expensify / Bedrock

Rock solid distributed database specializing in active/active automatic failover and WAN replication
https://bedrockdb.com
GNU Lesser General Public License v3.0
1.08k stars 82 forks

[HOLD] Upgrade mbedtls to 3.5.2 #1802

Open johnmlee101 opened 1 month ago

johnmlee101 commented 1 month ago

Turns out 3.6.0 doesn't work with TLS v1.3

Was trying to figure this out for a while and got errors like https://github.com/Mbed-TLS/mbedtls/issues/9223

and internal errors, but once I downgraded to 3.5.2 it worked instantly.

The rest is optimizations and improvements to move to 3.0+ but we'll still need to upgrade at some point to a higher version once they fix the issues.

johnmlee101 commented 1 month ago

Will need to make sure Auth and the other plugins work with this as well, which is why it's on hold before we merge.

johnmlee101 commented 1 month ago

are the private SSL changes necessary for the newer version of mbedtls?

Yeah, they explicitly make sure it's accessed internally or externally with private_ prefixes now.

johnmlee101 commented 1 month ago

Auth: https://github.com/Expensify/Auth/pull/11565

johnmlee101 commented 1 month ago

Okay, Fuzzybot, ExpensifyTableManager, ExpensifyBackupManager all compile and run with the updated version, so we'll want to merge this first, merge auth, then deploy asap so that auth using the bedrock prod branch doesn't break things.

tylerkaraszewski commented 1 month ago

Approved this, but letting you figure out the required deploy dance.

johnmlee101 commented 1 month ago

Oh do you mind approving https://github.com/Expensify/Auth/pull/11565 as well then?

tylerkaraszewski commented 1 month ago

Done.

Julesssss commented 1 month ago

Is this still held @johnmlee101?

johnmlee101 commented 1 month ago

Yes, since this will require a specific deployment order to prevent auth from crashing in tests.

johnmlee101 commented 1 month ago

I'm going to be OOO, and I don't think this is too time-sensitive, so I might resume this once I'm back, and since it's also Friday I don't want to force a deploy today.