public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: "Palmer, Thomas" <thomas.palmer@hpe.com>,
	"Long, Qin" <qin.long@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>,
	"Fu, Siyuan" <siyuan.fu@intel.com>,
	"Gao,  Liming" <liming.gao@intel.com>
Subject: Re: [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions with the standardized one
Date: Mon, 1 Aug 2016 01:22:31 +0000	[thread overview]
Message-ID: <895558F6EA4E3B41AC93A00D163B7274137C2D07@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <CS1PR84MB015180B443FFC6719A3DB968ED010@CS1PR84MB0151.NAMPRD84.PROD.OUTLOOK.COM>

Thomas,
I agree some of them are not supported due to the UEFI OpenSSL configuration, but it doesn't affect those mapping relationship added in the patch. So, I have no strong opinion whether to support it by modifying the current OpenSSL configuration. Since Qin is the OpenSSL expert, I'd like to hear his views.

Qin, 
What's your opinion?

Thanks.
Jiaxin 

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Palmer, Thomas
> Sent: Saturday, July 30, 2016 6:03 AM
> To: Wu, Jiaxin <jiaxin.wu@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Gao,
> Liming <liming.gao@intel.com>; Long, Qin <qin.long@intel.com>
> Subject: Re: [edk2] [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS
> definitions with the standardized one
> 
> Jiaxin,
> 
> 	UEFI's OpenSSL library does not support all the ciphers that were
> added in your patch due to the UEFI configuration.  We need to remove "no-
> idea" and "no-dsa" from the process_files.sh and add "enable-weak-ssl-
> ciphers"
> 
> 	While we are modifying process_files.sh, we can remove "no-
> pqueue" from process_files.sh so that OpensslLib.inf is in sync.
> 
> 	I can send out a patch to do so if you wish.
> 
> Thomas
> 
> -----Original Message-----
> From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]
> Sent: Thursday, July 14, 2016 12:51 AM
> To: edk2-devel@lists.01.org
> Cc: Liming Gao <liming.gao@intel.com>; Palmer, Thomas
> <thomas.palmer@hpe.com>; Long Qin <qin.long@intel.com>; Ye Ting
> <ting.ye@intel.com>; Fu Siyuan <siyuan.fu@intel.com>; Wu Jiaxin
> <jiaxin.wu@intel.com>
> Subject: [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions with the
> standardized one
> 
> The series patches are used to replace the TLS definitions with the
> standardized one. In addition, more TLS cipher suite mapping between
> Cipher Suite definitions and OpenSSL-used Cipher Suite name are added.
> 
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Palmer Thomas <thomas.palmer@hpe.com>
> Cc: Long Qin <qin.long@intel.com>
> Cc: Ye Ting <ting.ye@intel.com>
> Cc: Fu Siyuan <siyuan.fu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
> 
> Jiaxin Wu (4):
>   MdePkg: Add a header to standardize TLS definitions
>   CryptoPkg: Add more TLS cipher suite mapping
>   NetworkPkg/TlsDxe: Replace the definitions with the standardized one
>   NetworkPkg/HttpDxe: Replace the definitions with the standardized one
> 
>  CryptoPkg/Library/TlsLib/TlsLib.c      | 3585 ++++++++++++++++----------------
>  MdePkg/Include/IndustryStandard/Tls1.h |   93 +
>  NetworkPkg/HttpDxe/HttpDriver.h        |    2 +
>  NetworkPkg/HttpDxe/HttpProto.c         |   12 +-
>  NetworkPkg/HttpDxe/HttpsSupport.c      |   22 +-
>  NetworkPkg/HttpDxe/HttpsSupport.h      |   44 -
>  NetworkPkg/TlsDxe/TlsImpl.c            |   56 +-
>  NetworkPkg/TlsDxe/TlsImpl.h            |   30 +-
>  NetworkPkg/TlsDxe/TlsProtocol.c        |    2 +-
>  9 files changed, 1945 insertions(+), 1901 deletions(-)  create mode 100644
> MdePkg/Include/IndustryStandard/Tls1.h
> 
> --
> 1.9.5.msysgit.1
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel


  reply	other threads:[~2016-08-01  1:22 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1468475478-145272-1-git-send-email-jiaxin.wu@intel.com>
2016-07-29 22:02 ` [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions with the standardized one Palmer, Thomas
2016-08-01  1:22   ` Wu, Jiaxin [this message]
2016-08-01  1:48     ` Long, Qin
2016-08-01 21:45       ` Palmer, Thomas
2016-08-02  1:34         ` Wu, Jiaxin
2016-08-02  1:51           ` Palmer, Thomas
2016-08-02  2:03             ` Wu, Jiaxin
2016-08-02  3:46               ` Long, Qin
2016-08-02 21:14               ` Palmer, Thomas
2016-08-03  3:27                 ` Wu, Jiaxin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=895558F6EA4E3B41AC93A00D163B7274137C2D07@SHSMSX103.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox