From: "Wu, Jiaxin"
To: Thomas Palmer, "edk2-devel@lists.01.org"
Date: Fri, 9 Sep 2016 02:42:26 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B7274137FB420@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <1473362148-7445-1-git-send-email-thomas.palmer@hpe.com>
Subject: Re: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Version renegotiate

Series Reviewed-By: Wu Jiaxin

Best Regards!
Jiaxin

> -----Original Message-----
> From: Thomas Palmer [mailto:thomas.palmer@hpe.com]
> Sent: Friday, September 9, 2016 3:16 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Jiaxin; joseph.shifflett@hpe.com; Thomas Palmer
> Subject: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib:
> Version renegotiate
>
> The TLS protocol allows for clients and servers to negotiate which version of
> TLS to use. Newer versions are deemed safer, so when they are available the
> client and server should opt to use them.
>
> The EDK2 TLS code today only allows TLSv1.0 for TLS communication,
> regardless of the target server's capabilities. In order to use the newer
> protocols, we'll update the EDK2 TlsLib.c code to allow for TLS version
> negotiation when a new TLS object is created. The TLS version specified in
> TlsCtxNew will be the minimum version accepted.
>
> Because EDK2 is not yet using OpenSSL 1.1, we use SSL_set_options to
> simulate SSL_CTX_set_min_proto_version.
>
> We'll leave the current "EfiTlsVersion" functionality intact, which will restrict
> which version of TLS to use and prevent negotiation.
>
> However, to demonstrate the TLS renegotiation in this feature branch, we'll
> remove the code that calls EfiTlsVersion in the HttpDxe module.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
>
> Thomas Palmer (2):
>   [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: TLS Ver negotiate
>   [edk2-staging/HTTPS-TLS][PATCH]: NetworkPkg/HttpDxe: Unrestrict TLSv
>
>  CryptoPkg/Library/TlsLib/TlsLib.c | 20 ++++++++++++++++----
>  NetworkPkg/HttpDxe/HttpsSupport.c | 14 +-------------
>  2 files changed, 17 insertions(+), 17 deletions(-)
>
> --
> 2.7.4
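
The minimum-version emulation described in the quoted cover letter, as an added example that is not part of the thread or of the EDK2 patches: a simplified model of how per-version disable options yield a version floor, compared with pinning a single version. The `NO_*` bits, the `V_*` names, and all three functions are constructed for illustration; real code would pass OpenSSL's `SSL_OP_NO_*` options to `SSL_set_options`.

```c
#include <stdint.h>

/* TLS wire version numbers. */
#define V_SSL3   0x0300
#define V_TLS1_0 0x0301
#define V_TLS1_1 0x0302
#define V_TLS1_2 0x0303

/* Constructed stand-ins for OpenSSL's per-version disable options
 * (SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2). */
#define NO_SSL3   (1u << 0)
#define NO_TLS1_0 (1u << 1)
#define NO_TLS1_1 (1u << 2)
#define NO_TLS1_2 (1u << 3)

static const struct { uint16_t ver; uint32_t no_bit; } kVersions[] = {
    { V_SSL3,   NO_SSL3   }, { V_TLS1_0, NO_TLS1_0 },
    { V_TLS1_1, NO_TLS1_1 }, { V_TLS1_2, NO_TLS1_2 },
};
#define N_VERSIONS ((unsigned)(sizeof kVersions / sizeof kVersions[0]))

/* Minimum-version emulation: disable every version below min_ver. This is
 * the mask that would be handed to SSL_set_options. */
uint32_t min_version_mask(uint16_t min_ver) {
    uint32_t mask = 0;
    for (unsigned i = 0; i < N_VERSIONS; i++)
        if (kVersions[i].ver < min_ver) mask |= kVersions[i].no_bit;
    return mask;
}

/* Pinned behaviour (modelling assumption): every version except ver is disabled. */
uint32_t pinned_version_mask(uint16_t ver) {
    uint32_t mask = 0;
    for (unsigned i = 0; i < N_VERSIONS; i++)
        if (kVersions[i].ver != ver) mask |= kVersions[i].no_bit;
    return mask;
}

/* Highest version enabled on both sides; 0 means no common version,
 * so the handshake fails. */
uint16_t negotiate(uint32_t client_mask, uint32_t server_mask) {
    for (unsigned i = N_VERSIONS; i-- > 0; )
        if (!((client_mask | server_mask) & kVersions[i].no_bit))
            return kVersions[i].ver;
    return 0;
}

int main(void) {  /* TLS 1.0 floor against a peer with everything enabled */
    return negotiate(min_version_mask(V_TLS1_0), 0) == V_TLS1_2 ? 0 : 1;
}
```

With a TLS 1.0 floor the client moves up to TLS 1.2 when the peer offers it, while a client pinned to TLS 1.0 stays there and fails outright against a peer that requires TLS 1.1 or later.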