From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web12.4186.1600766320572064596 for ; Tue, 22 Sep 2020 02:18:40 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=PSHe5PbO; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1600766319; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3YACxAS6r51owJVw6u2QLvcPrXo4dvW5sLfEVTysLIU=; b=PSHe5PbOeFr1xEwSQbeHrSf3p8VKnIHnSNHlqly/mj766bqHFh17zuU1GQAxjJNa8zKrIm eN9C/kvrb2NCYbm4C4e952AD2eyFdG8j82miOUYq1ljJA1LCR/gRAdEx68C3NH6LQmOUOO 38B2XbV4uxR1ol43yqP1TMPEfMkTtLU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-337-ZDBTds9mP8K8ky8U5PQxUg-1; Tue, 22 Sep 2020 05:18:31 -0400 X-MC-Unique: ZDBTds9mP8K8ky8U5PQxUg-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EBEB81084C9A; Tue, 22 Sep 2020 09:18:29 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-3.ams2.redhat.com [10.36.112.3]) by smtp.corp.redhat.com (Postfix) with ESMTP id 770F561177; Tue, 22 Sep 2020 09:18:28 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Ard Biesheuvel , Gary Lin , Jordan Justen , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PATCH] OvmfPkg/README: HTTPS Boot: describe host-side TLS cipher suites forwarding Date: Tue, 22 Sep 2020 11:18:27 +0200 Message-Id: <20200922091827.12617-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 SW4gUUVNVSBjb21taXQgcmFuZ2UgNGFiZjcwYTY2MWE1Li42OTY5OWYzMDU1YTUgKGxhdGVyIGZp eGVkIHVwIGluIFFFTVUKY29tbWl0IDQzMTg0MzJjY2QzZiksIFBoaWwgaW1wbGVtZW50ZWQgYSBR RU1VIGZhY2lsaXR5IGZvciBleHBvc2luZyB0aGUKaG9zdC1zaWRlIFRMUyBjaXBoZXIgc3VpdGUg Y29uZmlndXJhdGlvbiB0byBPVk1GLiBUaGUgcHVycG9zZSBpcyB0bwpjb250cm9sIHRoZSBwZXJt aXR0ZWQgY2lwaGVycyBpbiB0aGUgZ3Vlc3QncyBVRUZJIEhUVFBTIGJvb3QuIFRoaXMKY29tcGxl bWVudHMgdGhlIGZvcndhcmRpbmcgb2YgdGhlIGhvc3Qtc2lkZSBjcnlwdG8gcG9saWN5IGZyb20g dGhlIGhvc3QgdG8KdGhlIGd1ZXN0IC0tIHRoZSBvdGhlciBmYWNldCB3YXMgdGhlIHNldCBvZiBD QSBjZXJ0aWZpY2F0ZXMgKGZvciB3aGljaApwMTEta2l0IHBhdGNoZXMgaGFkIGJlZW4gdXBzdHJl YW1lZCwgb24gdGhlIGhvc3Qgc2lkZSkuCgpNZW50aW9uIHRoZSBuZXcgY29tbWFuZCBsaW5lIG9w dGlvbnMgaW4gIk92bWZQa2cvUkVBRE1FIi4KCkNjOiBBcmQgQmllc2hldXZlbCA8YXJkLmJpZXNo ZXV2ZWxAYXJtLmNvbT4KQ2M6IEdhcnkgTGluIDxnbGluQHN1c2UuY29tPgpDYzogSm9yZGFuIEp1 c3RlbiA8am9yZGFuLmwuanVzdGVuQGludGVsLmNvbT4KQ2M6IFBoaWxpcHBlIE1hdGhpZXUtRGF1 ZMOpIDxwaGlsbWRAcmVkaGF0LmNvbT4KUmVmOiBodHRwczovL2J1Z3ppbGxhLnRpYW5vY29yZS5v cmcvc2hvd19idWcuY2dpP2lkPTI4NTIKU2lnbmVkLW9mZi1ieTogTGFzemxvIEVyc2VrIDxsZXJz ZWtAcmVkaGF0LmNvbT4KUmV2aWV3ZWQtYnk6IEdhcnkgTGluIDxnbGluQHN1c2UuY29tPgpSZXZp ZXdlZC1ieTogUGhpbGlwcGUgTWF0aGlldS1EYXVkw6kgPHBoaWxtZEByZWRoYXQuY29tPgotLS0K Ck5vdGVzOgogICAgdjI6CiAgICAKICAgIC0gTW92ZSB0aGUgZmVhdHVyZSBib3VuZGFyeSBmcm9t IGJldHdlZW4gUUVNVSA1LjAgYW5kIDUuMSB0byA1LjE8LT41LjIKICAgICAgKHRoZSBuZWNlc3Nh cnkgdXBzdHJlYW0gUUVNVSBjb21taXQgNDMxODQzMmNjZDNmIHdpbGwgb25seSBiZSByZWxlYXNl ZAogICAgICBhcyBwYXJ0IG9mIDUuMikuIFVwZGF0ZSBib3RoIHRoZSBSRUFETUUgY29udGVudHMg YW5kIHRoZSBjb21taXQKICAgICAgbWVzc2FnZS4KICAgIAogICAgLSBJbmRlbnQgdGhlICJVc2lu ZyBRRU1VIDx2ZXJzaW9uPiIgbGlzdCBlbnRyaWVzLCBhbmQgcHJlZml4IHRoZW0gd2l0aCBhCiAg ICAgIGh5cGhlbiwgZm9yIGJldHRlciBzZXBhcmF0aW9uLiBbUGhpbF0KICAgIAogICAgLSBQaWNr IHVwIEdhcnkncyBSLWIuCiAgICAKICAgIC0gUGljayB1cCBQaGlsJ3MgUi1iLgogICAgCiAgICAt IERvIG5vdCBwaWNrIHVwIFBoaWwncyBULWIuCiAgICAKICAgIFJlcG86ICAgaHR0cHM6Ly9wYWd1 cmUuaW8vbGVyc2VrL2VkazIuZ2l0CiAgICBCcmFuY2g6IHRpYW5vY29yZV8yODUyX3YyCgogT3Zt ZlBrZy9SRUFETUUgfCAyNCArKysrKysrKysrKystLS0tLS0tLQogMSBmaWxlIGNoYW5nZWQsIDE1 IGluc2VydGlvbnMoKyksIDkgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvT3ZtZlBrZy9SRUFE TUUgYi9Pdm1mUGtnL1JFQURNRQppbmRleCAzZGQyODQ3NGVhZDQuLjcwZjBjNDE1MjY4NiAxMDA2 NDQKLS0tIGEvT3ZtZlBrZy9SRUFETUUKKysrIGIvT3ZtZlBrZy9SRUFETUUKQEAgLTI5NCw2NyAr Mjk0LDczIEBAIGFuZCBlbmNyeXB0ZWQgY29ubmVjdGlvbi4KIA0KICAgWW91IGNhbiBhbHNvIGFw cGVuZCBhIGNlcnRpZmljYXRlIHRvIHRoZSBleGlzdGluZyBsaXN0IHdpdGggdGhlIGZvbGxvd2lu Zw0KICAgY29tbWFuZDoNCiANCiAgIGVmaXNpZ2xpc3QgLWkgPG9sZCBjZXJ0ZGI+IC1hIDxjZXJ0 IGZpbGU+IC1vIDxuZXcgY2VydGRiPg0KIA0KICAgTk9URTogWW91IG1heSBuZWVkIHRoZSBwYXRj aCB0byBtYWtlIGVmaXNpZ2xpc3QgZ2VuZXJhdGUgdGhlIGNvcnJlY3QgaGVhZGVyLg0KICAgKGh0 dHBzOi8vZ2l0aHViLmNvbS9yaGJvb3QvcGVzaWduL3B1bGwvNDApDQogDQogKiBCZXNpZGVzIHRo ZSB0cnVzdGVkIGNlcnRpZmljYXRlcywgaXQncyBhbHNvIHBvc3NpYmxlIHRvIGNvbmZpZ3VyZSB0 aGUgdHJ1c3RlZA0KICAgY2lwaGVyIHN1aXRlcyBmb3IgSFRUUFMgdGhyb3VnaCBhbm90aGVyIGZ3 X2NmZyBlbnRyeTogZXRjL2VkazIvaHR0cHMvY2lwaGVycy4NCiANCi0gIC1md19jZmcgbmFtZT1l dGMvZWRrMi9odHRwcy9jaXBoZXJzLGZpbGU9PGNpcGhlciBzdWl0ZXM+DQotDQogICBPVk1GIGV4 cGVjdHMgYSBiaW5hcnkgVUlOVDE2IGFycmF5IHdoaWNoIGNvbXByaXNlcyB0aGUgY2lwaGVyIHN1 aXRlcyBIRVgNCiAgIElEcygqNCkuIElmIHRoZSBjaXBoZXIgc3VpdGUgbGlzdCBpcyBnaXZlbiwg T1ZNRiB3aWxsIGNob29zZSB0aGUgY2lwaGVyDQogICBzdWl0ZSBmcm9tIHRoZSBpbnRlcnNlY3Rp b24gb2YgdGhlIGdpdmVuIGxpc3QgYW5kIHRoZSBidWlsdC1pbiBjaXBoZXINCiAgIHN1aXRlcy4g T3RoZXJ3aXNlLCBPVk1GIGp1c3QgY2hvb3NlcyB3aGF0ZXZlciBwcm9wZXIgY2lwaGVyIHN1aXRl cyBmcm9tIHRoZQ0KICAgYnVpbHQtaW4gb25lcy4NCiANCi0gIFdoaWxlIHRoZSB0b29sKCo1KSB0 byBjcmVhdGUgdGhlIGNpcGhlciBzdWl0ZSBhcnJheSBpcyBzdGlsbCB1bmRlcg0KLSAgZGV2ZWxv cG1lbnQsIHRoZSBhcnJheSBjYW4gYmUgZ2VuZXJhdGVkIHdpdGggdGhlIGZvbGxvd2luZyBzY3Jp cHQ6DQorICAtIFVzaW5nIFFFTVUgNS4yIG9yIGxhdGVyLCBRRU1VIGNhbiBleHBvc2UgdGhlIG9y ZGVyZWQgbGlzdCBvZiBwZXJtaXR0ZWQgVExTDQorICAgIGNpcGhlciBzdWl0ZXMgZnJvbSB0aGUg aG9zdCBzaWRlIHRvIE9WTUY6DQorDQorICAtb2JqZWN0IHRscy1jaXBoZXItc3VpdGVzLGlkPW15 c3VpdGUwLHByaW9yaXR5PUBTWVNURU0gXA0KKyAgLWZ3X2NmZyBuYW1lPWV0Yy9lZGsyL2h0dHBz L2NpcGhlcnMsZ2VuX2lkPW15c3VpdGUwDQorDQorICAoUmVmZXIgdG8gdGhlIFFFTVUgbWFudWFs IGFuZCB0bw0KKyAgPGh0dHBzOi8vZ251dGxzLm9yZy9tYW51YWwvaHRtbF9ub2RlL1ByaW9yaXR5 LVN0cmluZ3MuaHRtbD4gZm9yIG1vcmUNCisgIGluZm9ybWF0aW9uIG9uIHRoZSAicHJpb3JpdHki IHByb3BlcnR5LikNCisNCisgIC0gVXNpbmcgUUVNVSA1LjEgb3IgZWFybGllciwgdGhlIGFycmF5 IGhhcyB0byBiZSBwYXNzZWQgZnJvbSBhIGZpbGU6DQorDQorICAtZndfY2ZnIG5hbWU9ZXRjL2Vk azIvaHR0cHMvY2lwaGVycyxmaWxlPTxjaXBoZXIgc3VpdGVzPg0KKw0KKyAgd2hvc2UgY29udGVu dHMgY2FuIGJlIGdlbmVyYXRlZCB3aXRoIHRoZSBmb2xsb3dpbmcgc2NyaXB0LCBmb3IgZXhhbXBs ZToNCiANCiAgIGV4cG9ydCBMQ19BTEw9Qw0KICAgb3BlbnNzbCBjaXBoZXJzIC1WIFwNCiAgIHwg c2VkIC1yIC1uIFwNCiAgICAgIC1lICdzL14gKjB4KFswLTlBLUZdezJ9KSwweChbMC05QS1GXXsy fSkgLSAuKiQvXFxcXHhcMSBcXFxceFwyL3AnIFwNCiAgIHwgeGFyZ3MgLXIgLS0gcHJpbnRmIC0t ICclYicgPiBjaXBoZXJzLmJpbg0KIA0KICAgVGhpcyBzY3JpcHQgY3JlYXRlcyBjaXBoZXJzLmJp biB0aGF0IGNvbnRhaW5zIGFsbCB0aGUgY2lwaGVyIHN1aXRlIElEcw0KICAgc3VwcG9ydGVkIGJ5 IG9wZW5zc2wgYWNjb3JkaW5nIHRvIHRoZSBsb2NhbCBob3N0IGNvbmZpZ3VyYXRpb24uDQogDQog ICBZb3UgbWF5IHdhbnQgdG8gZW5hYmxlIG9ubHkgYSBsaW1pdGVkIHNldCBvZiBjaXBoZXIgc3Vp dGVzLiBUaGVuLCB5b3UNCiAgIHNob3VsZCBjaGVjayB0aGUgdmFsaWRpdHkgb2YgeW91ciBsaXN0 IGZpcnN0Og0KIA0KICAgb3BlbnNzbCBjaXBoZXJzIC1WIDxjaXBoZXIgbGlzdD4NCiANCiAgIElm IGFsbCB0aGUgY2lwaGVyIHN1aXRlcyBpbiB5b3VyIGxpc3QgbWFwIHRvIHRoZSBwcm9wZXIgSEVY IElEcywgZ28gYWhlYWQNCiAgIHRvIG1vZGlmeSB0aGUgc2NyaXB0IGFuZCBleGVjdXRlIGl0Og0K IA0KICAgZXhwb3J0IExDX0FMTD1DDQogICBvcGVuc3NsIGNpcGhlcnMgLVYgPGNpcGhlciBsaXN0 PiBcDQogICB8IHNlZCAtciAtbiBcDQogICAgICAtZSAncy9eICoweChbMC05QS1GXXsyfSksMHgo WzAtOUEtRl17Mn0pIC0gLiokL1xcXFx4XDEgXFxcXHhcMi9wJyBcDQogICB8IHhhcmdzIC1yIC0t IHByaW50ZiAtLSAnJWInID4gY2lwaGVycy5iaW4NCiANCi0qIEluIHRoZSBmdXR1cmUgKGFmdGVy IHJlbGVhc2UgMi4xMiksIFFFTVUgc2hvdWxkIHBvcHVsYXRlIGJvdGggYWJvdmUgZndfY2ZnDQot ICBmaWxlcyBhdXRvbWF0aWNhbGx5IGZyb20gdGhlIGxvY2FsIGhvc3QgY29uZmlndXJhdGlvbiwg YW5kIGVuYWJsZSB0aGUgdXNlcg0KLSAgdG8gb3ZlcnJpZGUgZWl0aGVyIHdpdGggZGVkaWNhdGVk IG9wdGlvbnMgb3IgcHJvcGVydGllcy4NCi0NCiAoKjEpIFNlZSAiMzEuNC4xIFNpZ25hdHVyZSBE YXRhYmFzZSIgaW4gVUVGSSBzcGVjaWZpY2F0aW9uIDIuNyBlcnJhdGEgQS4NCiAoKjIpIHAxMS1r aXQ6IGh0dHBzOi8vZ2l0aHViLmNvbS9wMTEtZ2x1ZS9wMTEta2l0Lw0KICgqMykgZWZpc2lnbGlz dDogaHR0cHM6Ly9naXRodWIuY29tL3JoYm9vdC9wZXNpZ24vYmxvYi9tYXN0ZXIvc3JjL2VmaXNp Z2xpc3QuYw0KICgqNCkgaHR0cHM6Ly93aWtpLm1vemlsbGEub3JnL1NlY3VyaXR5L1NlcnZlcl9T aWRlX1RMUyNDaXBoZXJfbmFtZXNfY29ycmVzcG9uZGVuY2VfdGFibGUNCi0oKjUpIHVwZGF0ZS1j cnlwdG8tcG9saWNpZXM6IGh0dHBzOi8vZ2l0bGFiLmNvbS9yZWRoYXQtY3J5cHRvL2ZlZG9yYS1j cnlwdG8tcG9saWNpZXMNCiANCiA9PT0gT1ZNRiBGbGFzaCBMYXlvdXQgPT09DQogDQogTGlrZSBh bGwgY3VycmVudCBJQTMyL1g2NCBzeXN0ZW0gZGVzaWducywgT1ZNRidzIGZpcm13YXJlIGRldmlj ZSAocm9tL2ZsYXNoKQ0KIGFwcGVhcnMgaW4gUUVNVSdzIHBoeXNpY2FsIGFkZHJlc3Mgc3BhY2Ug anVzdCBiZWxvdyA0R0IgKDB4MTAwMDAwMDAwKS4NCiANCiBPVk1GIHN1cHBvcnRzIGJ1aWxkaW5n IGEgMU1CLCAyTUIgb3IgNE1CIGZsYXNoIGltYWdlIChzZWUgdGhlIERTQyBmaWxlcyBmb3IgdGhl DQogRkRfU0laRV8xTUIsIEZEX1NJWkVfMk1CLCBGRF9TSVpFXzRNQiBidWlsZCBkZWZpbmVzKS4g VGhlIGJhc2UgYWRkcmVzcyBmb3IgdGhlDQogMU1CIGltYWdlIGluIFFFTVUgcGh5c2ljYWwgbWVt b3J5IGlzIDB4ZmZmMDAwMDAuIFRoZSBiYXNlIGFkZHJlc3MgZm9yIHRoZSAyTUINCiBpbWFnZSBp cyAweGZmZTAwMDAwLiBUaGUgYmFzZSBhZGRyZXNzIGZvciB0aGUgNE1CIGltYWdlIGlzIDB4ZmZj MDAwMDAuDQogDQogVXNpbmcgdGhlIDFNQiBvciAyTUIgaW1hZ2UsIHRoZSBsYXlvdXQgb2YgdGhl IGZpcm13YXJlIGRldmljZSBpbiBtZW1vcnkgbG9va3MNCi0tIAoyLjE5LjEuMy5nMzAyNDdhYTVk MjAxCgo=