From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.81]) by mx.groups.io with SMTP id smtpd.web12.739.1599495519886553933 for ; Mon, 07 Sep 2020 09:18:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=XECYuOb7; spf=pass (domain: redhat.com, ip: 207.211.31.81, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1599495519; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=8DGcadHVAHyxOGvDkEMSzFJ0urEkD9t8+cb6mwB+swQ=; b=XECYuOb7t5sPMhkaXmHNjbqv0sFw09upem7TbEGz8v/3PVvFHy5zQFpFkMBJLRKL/K5Wx+ 2ji+LbD/KXFfc9KRknSNe2VEA6q0wDXGChGj2jm4HHJqJSl3Qinf/bKpOvRHooZESbWaeQ eZ1/B2jb4sFXEUj4Tphi/l8F5dywygM= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-179-XA-38HnBOxafjh_qXBcYvA-1; Mon, 07 Sep 2020 12:18:30 -0400 X-MC-Unique: XA-38HnBOxafjh_qXBcYvA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0C5AF18B9ED9; Mon, 7 Sep 2020 16:18:29 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-115-56.ams2.redhat.com [10.36.115.56]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7133082460; Mon, 7 Sep 2020 16:18:27 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Ard Biesheuvel , Gary Lin , Jordan Justen , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PATCH] OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding Date: Mon, 7 Sep 2020 18:18:25 +0200 Message-Id: <20200907161825.10893-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0.002 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 SW4gUUVNVSBjb21taXQgcmFuZ2UgNGFiZjcwYTY2MWE1Li42OTY5OWYzMDU1YTUsIFBoaWwgaW1w bGVtZW50ZWQgYSBRRU1VCmZhY2lsaXR5IGZvciBleHBvc2luZyB0aGUgaG9zdC1zaWRlIFRMUyBj aXBoZXIgc3VpdGUgY29uZmlndXJhdGlvbiB0bwpPVk1GLiBUaGUgcHVycG9zZSBpcyB0byBjb250 cm9sIHRoZSBwZXJtaXR0ZWQgY2lwaGVycyBpbiB0aGUgZ3Vlc3QncyBVRUZJCkhUVFBTIGJvb3Qu IFRoaXMgY29tcGxlbWVudHMgdGhlIGZvcndhcmRpbmcgb2YgdGhlIGhvc3Qtc2lkZSBjcnlwdG8g cG9saWN5CmZyb20gdGhlIGhvc3QgdG8gdGhlIGd1ZXN0IC0tIHRoZSBvdGhlciBmYWNldCB3YXMg dGhlIHNldCBvZiBDQQpjZXJ0aWZpY2F0ZXMgKGZvciB3aGljaCBwMTEta2l0IHBhdGNoZXMgaGFk IGJlZW4gdXBzdHJlYW1lZCwgb24gdGhlIGhvc3QKc2lkZSkuCgpNZW50aW9uIHRoZSBuZXcgY29t bWFuZCBsaW5lIG9wdGlvbnMgaW4gIk92bWZQa2cvUkVBRE1FIi4KCkNjOiBBcmQgQmllc2hldXZl bCA8YXJkLmJpZXNoZXV2ZWxAYXJtLmNvbT4KQ2M6IEdhcnkgTGluIDxnbGluQHN1c2UuY29tPgpD YzogSm9yZGFuIEp1c3RlbiA8am9yZGFuLmwuanVzdGVuQGludGVsLmNvbT4KQ2M6IFBoaWxpcHBl IE1hdGhpZXUtRGF1ZMOpIDxwaGlsbWRAcmVkaGF0LmNvbT4KUmVmOiBodHRwczovL2J1Z3ppbGxh LnRpYW5vY29yZS5vcmcvc2hvd19idWcuY2dpP2lkPTI4NTIKU2lnbmVkLW9mZi1ieTogTGFzemxv IEVyc2VrIDxsZXJzZWtAcmVkaGF0LmNvbT4KLS0tCiBPdm1mUGtnL1JFQURNRSB8IDI0ICsrKysr KysrKysrKy0tLS0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgMTUgaW5zZXJ0aW9ucygrKSwgOSBkZWxl dGlvbnMoLSkKCmRpZmYgLS1naXQgYS9Pdm1mUGtnL1JFQURNRSBiL092bWZQa2cvUkVBRE1FCmlu ZGV4IDNkZDI4NDc0ZWFkNC4uMjAwOWQ5ZDI5Nzk2IDEwMDY0NAotLS0gYS9Pdm1mUGtnL1JFQURN RQorKysgYi9Pdm1mUGtnL1JFQURNRQpAQCAtMjk0LDY3ICsyOTQsNzMgQEAgYW5kIGVuY3J5cHRl ZCBjb25uZWN0aW9uLgogDQogICBZb3UgY2FuIGFsc28gYXBwZW5kIGEgY2VydGlmaWNhdGUgdG8g dGhlIGV4aXN0aW5nIGxpc3Qgd2l0aCB0aGUgZm9sbG93aW5nDQogICBjb21tYW5kOg0KIA0KICAg ZWZpc2lnbGlzdCAtaSA8b2xkIGNlcnRkYj4gLWEgPGNlcnQgZmlsZT4gLW8gPG5ldyBjZXJ0ZGI+ DQogDQogICBOT1RFOiBZb3UgbWF5IG5lZWQgdGhlIHBhdGNoIHRvIG1ha2UgZWZpc2lnbGlzdCBn ZW5lcmF0ZSB0aGUgY29ycmVjdCBoZWFkZXIuDQogICAoaHR0cHM6Ly9naXRodWIuY29tL3JoYm9v dC9wZXNpZ24vcHVsbC80MCkNCiANCiAqIEJlc2lkZXMgdGhlIHRydXN0ZWQgY2VydGlmaWNhdGVz LCBpdCdzIGFsc28gcG9zc2libGUgdG8gY29uZmlndXJlIHRoZSB0cnVzdGVkDQogICBjaXBoZXIg c3VpdGVzIGZvciBIVFRQUyB0aHJvdWdoIGFub3RoZXIgZndfY2ZnIGVudHJ5OiBldGMvZWRrMi9o dHRwcy9jaXBoZXJzLg0KIA0KLSAgLWZ3X2NmZyBuYW1lPWV0Yy9lZGsyL2h0dHBzL2NpcGhlcnMs ZmlsZT08Y2lwaGVyIHN1aXRlcz4NCi0NCiAgIE9WTUYgZXhwZWN0cyBhIGJpbmFyeSBVSU5UMTYg YXJyYXkgd2hpY2ggY29tcHJpc2VzIHRoZSBjaXBoZXIgc3VpdGVzIEhFWA0KICAgSURzKCo0KS4g SWYgdGhlIGNpcGhlciBzdWl0ZSBsaXN0IGlzIGdpdmVuLCBPVk1GIHdpbGwgY2hvb3NlIHRoZSBj aXBoZXINCiAgIHN1aXRlIGZyb20gdGhlIGludGVyc2VjdGlvbiBvZiB0aGUgZ2l2ZW4gbGlzdCBh bmQgdGhlIGJ1aWx0LWluIGNpcGhlcg0KICAgc3VpdGVzLiBPdGhlcndpc2UsIE9WTUYganVzdCBj aG9vc2VzIHdoYXRldmVyIHByb3BlciBjaXBoZXIgc3VpdGVzIGZyb20gdGhlDQogICBidWlsdC1p biBvbmVzLg0KIA0KLSAgV2hpbGUgdGhlIHRvb2woKjUpIHRvIGNyZWF0ZSB0aGUgY2lwaGVyIHN1 aXRlIGFycmF5IGlzIHN0aWxsIHVuZGVyDQotICBkZXZlbG9wbWVudCwgdGhlIGFycmF5IGNhbiBi ZSBnZW5lcmF0ZWQgd2l0aCB0aGUgZm9sbG93aW5nIHNjcmlwdDoNCisgIFVzaW5nIFFFTVUgNS4x IG9yIGxhdGVyLCBRRU1VIGNhbiBleHBvc2UgdGhlIG9yZGVyZWQgbGlzdCBvZiBwZXJtaXR0ZWQg VExTDQorICBjaXBoZXIgc3VpdGVzIGZyb20gdGhlIGhvc3Qgc2lkZSB0byBPVk1GOg0KKw0KKyAg LW9iamVjdCB0bHMtY2lwaGVyLXN1aXRlcyxpZD1teXN1aXRlMCxwcmlvcml0eT1AU1lTVEVNIFwN CisgIC1md19jZmcgbmFtZT1ldGMvZWRrMi9odHRwcy9jaXBoZXJzLGdlbl9pZD1teXN1aXRlMA0K Kw0KKyAgKFJlZmVyIHRvIHRoZSBRRU1VIG1hbnVhbCBhbmQgdG8NCisgIDxodHRwczovL2dudXRs cy5vcmcvbWFudWFsL2h0bWxfbm9kZS9Qcmlvcml0eS1TdHJpbmdzLmh0bWw+IGZvciBtb3JlDQor ICBpbmZvcm1hdGlvbiBvbiB0aGUgInByaW9yaXR5IiBwcm9wZXJ0eS4pDQorDQorICBVc2luZyBR RU1VIDUuMCBvciBlYXJsaWVyLCB0aGUgYXJyYXkgaGFzIHRvIGJlIHBhc3NlZCBmcm9tIGEgZmls ZToNCisNCisgIC1md19jZmcgbmFtZT1ldGMvZWRrMi9odHRwcy9jaXBoZXJzLGZpbGU9PGNpcGhl ciBzdWl0ZXM+DQorDQorICB3aG9zZSBjb250ZW50cyBjYW4gYmUgZ2VuZXJhdGVkIHdpdGggdGhl IGZvbGxvd2luZyBzY3JpcHQsIGZvciBleGFtcGxlOg0KIA0KICAgZXhwb3J0IExDX0FMTD1DDQog ICBvcGVuc3NsIGNpcGhlcnMgLVYgXA0KICAgfCBzZWQgLXIgLW4gXA0KICAgICAgLWUgJ3MvXiAq MHgoWzAtOUEtRl17Mn0pLDB4KFswLTlBLUZdezJ9KSAtIC4qJC9cXFxceFwxIFxcXFx4XDIvcCcg XA0KICAgfCB4YXJncyAtciAtLSBwcmludGYgLS0gJyViJyA+IGNpcGhlcnMuYmluDQogDQogICBU aGlzIHNjcmlwdCBjcmVhdGVzIGNpcGhlcnMuYmluIHRoYXQgY29udGFpbnMgYWxsIHRoZSBjaXBo ZXIgc3VpdGUgSURzDQogICBzdXBwb3J0ZWQgYnkgb3BlbnNzbCBhY2NvcmRpbmcgdG8gdGhlIGxv Y2FsIGhvc3QgY29uZmlndXJhdGlvbi4NCiANCiAgIFlvdSBtYXkgd2FudCB0byBlbmFibGUgb25s eSBhIGxpbWl0ZWQgc2V0IG9mIGNpcGhlciBzdWl0ZXMuIFRoZW4sIHlvdQ0KICAgc2hvdWxkIGNo ZWNrIHRoZSB2YWxpZGl0eSBvZiB5b3VyIGxpc3QgZmlyc3Q6DQogDQogICBvcGVuc3NsIGNpcGhl cnMgLVYgPGNpcGhlciBsaXN0Pg0KIA0KICAgSWYgYWxsIHRoZSBjaXBoZXIgc3VpdGVzIGluIHlv dXIgbGlzdCBtYXAgdG8gdGhlIHByb3BlciBIRVggSURzLCBnbyBhaGVhZA0KICAgdG8gbW9kaWZ5 IHRoZSBzY3JpcHQgYW5kIGV4ZWN1dGUgaXQ6DQogDQogICBleHBvcnQgTENfQUxMPUMNCiAgIG9w ZW5zc2wgY2lwaGVycyAtViA8Y2lwaGVyIGxpc3Q+IFwNCiAgIHwgc2VkIC1yIC1uIFwNCiAgICAg IC1lICdzL14gKjB4KFswLTlBLUZdezJ9KSwweChbMC05QS1GXXsyfSkgLSAuKiQvXFxcXHhcMSBc XFxceFwyL3AnIFwNCiAgIHwgeGFyZ3MgLXIgLS0gcHJpbnRmIC0tICclYicgPiBjaXBoZXJzLmJp bg0KIA0KLSogSW4gdGhlIGZ1dHVyZSAoYWZ0ZXIgcmVsZWFzZSAyLjEyKSwgUUVNVSBzaG91bGQg cG9wdWxhdGUgYm90aCBhYm92ZSBmd19jZmcNCi0gIGZpbGVzIGF1dG9tYXRpY2FsbHkgZnJvbSB0 aGUgbG9jYWwgaG9zdCBjb25maWd1cmF0aW9uLCBhbmQgZW5hYmxlIHRoZSB1c2VyDQotICB0byBv dmVycmlkZSBlaXRoZXIgd2l0aCBkZWRpY2F0ZWQgb3B0aW9ucyBvciBwcm9wZXJ0aWVzLg0KLQ0K ICgqMSkgU2VlICIzMS40LjEgU2lnbmF0dXJlIERhdGFiYXNlIiBpbiBVRUZJIHNwZWNpZmljYXRp b24gMi43IGVycmF0YSBBLg0KICgqMikgcDExLWtpdDogaHR0cHM6Ly9naXRodWIuY29tL3AxMS1n bHVlL3AxMS1raXQvDQogKCozKSBlZmlzaWdsaXN0OiBodHRwczovL2dpdGh1Yi5jb20vcmhib290 L3Blc2lnbi9ibG9iL21hc3Rlci9zcmMvZWZpc2lnbGlzdC5jDQogKCo0KSBodHRwczovL3dpa2ku bW96aWxsYS5vcmcvU2VjdXJpdHkvU2VydmVyX1NpZGVfVExTI0NpcGhlcl9uYW1lc19jb3JyZXNw b25kZW5jZV90YWJsZQ0KLSgqNSkgdXBkYXRlLWNyeXB0by1wb2xpY2llczogaHR0cHM6Ly9naXRs YWIuY29tL3JlZGhhdC1jcnlwdG8vZmVkb3JhLWNyeXB0by1wb2xpY2llcw0KIA0KID09PSBPVk1G IEZsYXNoIExheW91dCA9PT0NCiANCiBMaWtlIGFsbCBjdXJyZW50IElBMzIvWDY0IHN5c3RlbSBk ZXNpZ25zLCBPVk1GJ3MgZmlybXdhcmUgZGV2aWNlIChyb20vZmxhc2gpDQogYXBwZWFycyBpbiBR RU1VJ3MgcGh5c2ljYWwgYWRkcmVzcyBzcGFjZSBqdXN0IGJlbG93IDRHQiAoMHgxMDAwMDAwMDAp Lg0KIA0KIE9WTUYgc3VwcG9ydHMgYnVpbGRpbmcgYSAxTUIsIDJNQiBvciA0TUIgZmxhc2ggaW1h Z2UgKHNlZSB0aGUgRFNDIGZpbGVzIGZvciB0aGUNCiBGRF9TSVpFXzFNQiwgRkRfU0laRV8yTUIs IEZEX1NJWkVfNE1CIGJ1aWxkIGRlZmluZXMpLiBUaGUgYmFzZSBhZGRyZXNzIGZvciB0aGUNCiAx TUIgaW1hZ2UgaW4gUUVNVSBwaHlzaWNhbCBtZW1vcnkgaXMgMHhmZmYwMDAwMC4gVGhlIGJhc2Ug YWRkcmVzcyBmb3IgdGhlIDJNQg0KIGltYWdlIGlzIDB4ZmZlMDAwMDAuIFRoZSBiYXNlIGFkZHJl c3MgZm9yIHRoZSA0TUIgaW1hZ2UgaXMgMHhmZmMwMDAwMC4NCiANCiBVc2luZyB0aGUgMU1CIG9y IDJNQiBpbWFnZSwgdGhlIGxheW91dCBvZiB0aGUgZmlybXdhcmUgZGV2aWNlIGluIG1lbW9yeSBs b29rcw0KLS0gCjIuMTkuMS4zLmczMDI0N2FhNWQyMDEKCg==