From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Thomas Palmer <thomas.palmer@hpe.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Version renegotiate
Date: Fri, 9 Sep 2016 02:42:26 +0000 [thread overview]
Message-ID: <895558F6EA4E3B41AC93A00D163B7274137FB420@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <1473362148-7445-1-git-send-email-thomas.palmer@hpe.com>
Series Reviewed-By: Wu Jiaxin <jiaxin.wu@intel.com>
Best Regards!
Jiaxin
> -----Original Message-----
> From: Thomas Palmer [mailto:thomas.palmer@hpe.com]
> Sent: Friday, September 9, 2016 3:16 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; joseph.shifflett@hpe.com; Thomas
> Palmer <thomas.palmer@hpe.com>
> Subject: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib:
> Version renegotiate
>
> The TLS protocol allows for clients and servers to negotiate which version of
> TLS to use. Newer versions are deemed safer, so when they are available the
> client and server should opt to use them.
>
> The EDK2 TLS code today only allows TLSv1.0 for TLS communication,
> regardless of the target server's capabilities. In order to use the newer
> protocols, we'll update the EDK2 TlsLib.c code to allow for TLS version
> negotiation when a new TLS object is created. The TLS version specified in
> TlsCtxNew will be the minimum version accepted.
>
> Because EDK2 is not yet using OpenSSL 1.1, we use SSL_set_options to
> simulate SSL_CTX_set_min_proto_version.
>
> We'll leave the current "EfiTlsVersion" functionality intact, which will restrict
> which version of TLS to use and prevent negotiation.
>
> However, to demonstrate the TLS regotiation in this feature branch, we'll
> remove the code that calls EfiTlsVersion in the HttpDxe module.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
>
> Thomas Palmer (2):
> [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: TLS Ver negotiate
> [edk2-staging/HTTPS-TLS][PATCH]: NetworkPkg/HttpDxe: Unrestrict TLSv
>
> CryptoPkg/Library/TlsLib/TlsLib.c | 20 ++++++++++++++++----
> NetworkPkg/HttpDxe/HttpsSupport.c | 14 +-------------
> 2 files changed, 17 insertions(+), 17 deletions(-)
>
> --
> 2.7.4
prev parent reply other threads:[~2016-09-09 2:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-08 19:15 [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Version renegotiate Thomas Palmer
2016-09-08 19:15 ` [PATCH v2 1/2] [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: TLS Ver negotiate Thomas Palmer
2016-09-08 19:15 ` [PATCH v2 2/2] [edk2-staging/HTTPS-TLS][PATCH]: NetworkPkg/HttpDxe: Unrestrict TLSv Thomas Palmer
2016-09-09 2:42 ` Wu, Jiaxin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=895558F6EA4E3B41AC93A00D163B7274137FB420@SHSMSX103.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox