From: Santhapur Naveen
To: "Palmer, Thomas", "edk2-devel@lists.01.org"
Date: Wed, 21 Sep 2016 13:09:03 +0000
Message-ID: <625A2455CC232F40B0F38F05ACED6D978C2C29FD@VENUS1.in.megatrends.com>
Subject: Re: Issues with HTTPS Boot

Hi Thomas,

Regarding my previous mail, after the TCP handshake, the client says Hello to the server and the server replies with its Hello to the client with TLSv1.

Client says hello with the following Cipher Suites:
1. TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
2. TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
3. TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
4. TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
5. TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

For the Client Hello, the server responds with its Hello and chooses TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) using TLSv1. The client sends an acknowledgement to the server and then immediately sends RST.

After some debugging, it was found that it fails in TlsConnectSession(). Would you please provide your comments on this?

Thanks,
Naveen

-----Original Message-----
From: Palmer, Thomas [mailto:thomas.palmer@hpe.com]
Sent: Tuesday, September 20, 2016 9:30 PM
To: Santhapur Naveen; edk2-devel@lists.01.org
Subject: RE: Issues with HTTPS Boot

Naveen,

I cannot see attachments on this email.

What TLS versions and ciphers does your web server support? Depending on when you built the UEFI image, your server may need to have TLS v1.0 enabled and support one of the non-SHA256 ciphers listed at the top of TlsLib.c.

Regards,
Thomas Palmer

"I have only made this letter longer because I have not had the time to make it shorter" - Blaise Pascal

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Santhapur Naveen
Sent: Tuesday, September 20, 2016 6:42 AM
To: edk2-devel@lists.01.org
Subject: [edk2] Issues with HTTPS Boot

Hello All,

Since the HTTPS Boot came into the picture, I was very enthusiastic to try it. I configured the server as explained in the white paper https://github.com/tianocore/tianocore.github.io/wiki/EDK%20II%20White%20papers

But when I try to go for an HTTPS boot, it stops after the TCP handshake. Attached is the Wireshark log. Please help me out and also let me know if any other details are needed.

Thank you,
Naveen
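
An added example, not part of the thread and not EDK II code: a small parser for the hello exchange described above, checking that the suite and version the server selected were among those the client offered. The message bytes are constructed (zeroed randoms, empty session id), and the client's offered version of TLSv1.0 is an assumption, since the thread does not state it; `parse_hello`, `check_negotiation` and `build_record` are names chosen here.

```python
import struct

# Names for the cipher suite code points quoted in the thread.
SUITES = {
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def parse_hello(record: bytes) -> dict:
    """Parse one TLS record holding a ClientHello (1) or ServerHello (2)."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len != len(record) - 5:
        raise ValueError("not a complete handshake record")
    msg_type = record[5]
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if msg_type not in (1, 2) or len(body) != hs_len:
        raise ValueError("not a ClientHello/ServerHello")
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                      # skip version and 32-byte random
    pos += 1 + body[pos]              # skip session_id
    if msg_type == 1:                 # ClientHello: list of offered suites
        n = struct.unpack_from("!H", body, pos)[0]
        suites = list(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    else:                             # ServerHello: the single chosen suite
        suites = [struct.unpack_from("!H", body, pos)[0]]
    return {"type": msg_type, "version": version, "suites": suites}

def check_negotiation(client: dict, server: dict) -> list:
    """Return problems with the server's choice; an empty list means consistent."""
    problems, chosen = [], server["suites"][0]
    if chosen not in client["suites"]:
        problems.append("unoffered suite " + SUITES.get(chosen, f"0x{chosen:04x}"))
    if server["version"] > client["version"]:
        problems.append("server version exceeds the client's maximum")
    return problems

def build_record(msg_type: int, body: bytes) -> bytes:
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

# Constructed sample messages, not the capture from the thread.
OFFER = [0x0039, 0x0033, 0x0035, 0x002F, 0x00FF]
CLIENT_HELLO = build_record(1, b"\x03\x01" + bytes(32) + b"\x00"
                            + struct.pack("!H5H", 10, *OFFER) + b"\x01\x00")
SERVER_HELLO = build_record(2, b"\x03\x01" + bytes(32) + b"\x00\x00\x2f\x00")
```

For these constructed messages the check returns no problems, matching the thread's description of a server choice (0x002f, TLSv1) that was on the client's list.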