From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8C971223AF838 for ; Sun, 4 Feb 2018 19:27:24 -0800 (PST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2018 19:33:04 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.46,462,1511856000"; d="scan'208";a="198616614" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga005.jf.intel.com with ESMTP; 04 Feb 2018 19:33:03 -0800 Received: from FMSMSX110.amr.corp.intel.com (10.18.116.10) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 4 Feb 2018 19:33:02 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx110.amr.corp.intel.com (10.18.116.10) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 4 Feb 2018 19:33:02 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.116]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.253]) with mapi id 14.03.0319.002; Mon, 5 Feb 2018 11:33:00 +0800 From: "Wu, Jiaxin" To: 'Laszlo Ersek' , "Kinney, Michael D" , "Fu, Siyuan" , "Ye, Ting" , "Li, Ruth" , "Long, Qin" , "Yao, Jiewen" , "Hsiung, Harry L" CC: edk2-devel-01 Thread-Topic: setting the TLS cipher list for HTTPS booting Thread-Index: AQHTkTKC7SSIQqPfwE6mEzdxVropQKN8Nf+ggALqwACAAZWo0IAARlKAgAAQ6YCAATdDQIAAHRVggAA0GHCAAB3oAIABPwpggAAYLYCACzCM8A== Date: Mon, 5 Feb 2018 03:33:00 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B72741637DE9E@SHSMSX103.ccr.corp.intel.com> References: <5307d880-d016-ad91-04f5-6b83eb40f905@redhat.com> <895558F6EA4E3B41AC93A00D163B72741635E571@SHSMSX103.ccr.corp.intel.com> <7b529d2c-1e46-3bd5-d8a6-9225a630f23b@redhat.com> <895558F6EA4E3B41AC93A00D163B72741635F0B5@SHSMSX103.ccr.corp.intel.com> <366c3083-0eb1-ecb4-2050-654c09135f8a@redhat.com> <93bf358e-7e57-a0f0-b8ba-239e72036c27@redhat.com> <895558F6EA4E3B41AC93A00D163B72741635F6BC@SHSMSX103.ccr.corp.intel.com> <895558F6EA4E3B41AC93A00D163B72741635F7FE@SHSMSX103.ccr.corp.intel.com> <895558F6EA4E3B41AC93A00D163B72741635F9AF@SHSMSX103.ccr.corp.intel.com> <925c091e-af14-2449-e3ba-f8d6302dea49@redhat.com> <895558F6EA4E3B41AC93A00D163B72741635FE91@SHSMSX103.ccr.corp.intel.com> <99394818-f0d5-8566-c1f7-240004e5cedd@redhat.com> In-Reply-To: <99394818-f0d5-8566-c1f7-240004e5cedd@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiYzk3MTQ5MDktMWY0YS00NThiLThhYzMtMzUzMWMzZjZjNjUyIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6ImU3ZnJcL29Sb2RIVHJCTlJucVNSR0hxeDNBMndhM21FazVQbkt6dzZ1ZGFJPSJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: setting the TLS cipher list for HTTPS booting X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Feb 2018 03:27:25 -0000 Content-Language: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgTGFzemxvLA0KDQpJbiByZWNlbnQgZGF5cywgd2UgcmVjZWl2ZWQgdGhlIGNvbW1lbnQgZnJv bSBLaW5uZXkgYWJvdXQgdGhlIFBDRCB1c2FnZSBpbiBVRUZJIGRyaXZlci4gIEtpbm5leSBkb2Vz bid0IHJlY29tbWVuZCB1cyB0byB1c2UgdGhlICpkeW5hbWljIFBDRCogaW4gKnNvZnQtbG9hZGlu ZyogVUVGSSBkcml2ZXIgZXZlbiB0aG91Z2ggaXQncyBub3QgcHJvaGliaXRlZC4gDQoNClNvLCB3 ZSB3YW50IHRvIGNvbmZpcm0gd2l0aCB5b3Ugd2hldGhlciB0aGlzIGlzIHRoZSB1cmdlbnQgcmVx dWVzdCBuZWVkIHVzIHRvIHN1cHBvcnQgaXQgQVNBUCBvciBpdCdzIGluIGxvdyBwcmlvcml0eS4g DQpJZiB5b3UgbmVlZCB1cyBzdXBwb3J0IHRoZSBmZWF0dXJlIEFTQVAsIHdlIGNhbiB1c2UgdGhl ICBwcml2YXRlIHZhcmlhYmxlIHNvbHV0aW9uIGFzIHdlIGRpc2N1c3NlZCBiZWZvcmUgc2luY2Ug dGhlcmUgaXMgbm8gc2VjdXJpdHkgaXNzdWUgYW5kIHRoZSBzaXplIHJlcXVpcmVtZW50IGlzIG5v dCBiaWcuICANCklmIG5vdCB1cmdlbmN5LCB3ZSBtaWdodCBjb25zaWRlciB3aGV0aGVyIG5lZWQg dG8gZGVmaW5lIGEgcGxhdGZvcm0gdG8gZHJpdmVyIGNvbmZpZ3VyYXRpb24gcHJvdG9jb2wgb3Ig bm90LiBZb3Uga25vdyBpdCB3aWxsIHRha2UgYSBsb25nIHRpbWUgdG8gc2NhbmRhbGl6ZSBvbmUg cHJvdG9jb2wgZm9yIHBsYXRmb3JtIEhUVFBTIGNvbmZpZ3VyYXRpb24gaW4gdGhlIGZ1dHVyZSBV RUZJIHNwZWMuDQoNClRoYW5rcywNCkppYXhpbg0KDQoNCj4gLS0tLS1PcmlnaW5hbCBNZXNzYWdl LS0tLS0NCj4gRnJvbTogTGFzemxvIEVyc2VrIFttYWlsdG86bGVyc2VrQHJlZGhhdC5jb21dDQo+ IFNlbnQ6IFRodXJzZGF5LCBKYW51YXJ5IDI1LCAyMDE4IDg6NDIgUE0NCj4gVG86IFd1LCBKaWF4 aW4gPGppYXhpbi53dUBpbnRlbC5jb20+OyBGdSwgU2l5dWFuIDxzaXl1YW4uZnVAaW50ZWwuY29t PjsgWWUsDQo+IFRpbmcgPHRpbmcueWVAaW50ZWwuY29tPjsgTG9uZywgUWluIDxxaW4ubG9uZ0Bp bnRlbC5jb20+OyBZYW8sIEppZXdlbg0KPiA8amlld2VuLnlhb0BpbnRlbC5jb20+OyBIc2l1bmcs IEhhcnJ5IEwgPGhhcnJ5LmwuaHNpdW5nQGludGVsLmNvbT4NCj4gQ2M6IGVkazItZGV2ZWwtMDEg PGVkazItZGV2ZWxAbGlzdHMuMDEub3JnPg0KPiBTdWJqZWN0OiBSZTogc2V0dGluZyB0aGUgVExT IGNpcGhlciBsaXN0IGZvciBIVFRQUyBib290aW5nDQo+IA0KPiBPbiAwMS8yNS8xOCAwNTo1Miwg V3UsIEppYXhpbiB3cm90ZToNCj4gPiBIaSBMYXN6bG8sDQo+ID4NCj4gPiBUaGUgSHR0cER4ZSBk cml2ZXIgbmVlZHMgdG8gaW5zdGFsbCB0aGUgRHJpdmVyIEJpbmRpbmcgUHJvdG9jb2wgc28gYXMN Cj4gPiB0byBjaGVjayBpZiBhIHNwZWNpZmljIGNvbnRyb2xsZXIgaXMgc3VwcG9ydGVkIGJ5IEh0 dHBEeGUuIEh0dHBEeGUNCj4gPiBjYW4gb25seSBiZSBzdGFydGVkIGlmIHRoZSBUY3BTZXJ2aWNl QmluZGluZ1Byb3RvY29sIGV4aXN0ZWQuIFNvLCBpdA0KPiA+IGhhcyB0byBmb2xsb3cgdGhlIFVF RkkgRHJpdmVyIE1vZGVsLg0KPiA+DQo+ID4gRm9yIHRoZSBQQ0QgdXNhZ2UsIEkgdGhpbmsgaXQg c2hvdWxkIGJlIGZpbmUgdG8gY292ZXIgdGhlDQo+ID4gY29uZmlndXJhdGlvbiBvZiBVRUZJIERy aXZlcnMgdGhyb3VnaCB0aGUgUENEIHNldHRpbmdzLiBUaGUNCj4gPiByZXF1aXJlbWVudCBvZiAq LmluZiBuZWVkcyB0byBpbmNsdWRlIHRoZSBQY2RMaWIgYW5kIHRoZSBzZWN0aW9uIG9mDQo+ID4g W1BjZF0uIFdlIGFscmVhZHkgaGF2ZSB0aGUgc2ltaWxhciBwYXR0ZXJuIGZvciB0aGlzIHVzYWdl LCBmb3INCj4gPiBleGFtcGxlLCBQczJLZXlib2FyZER4ZSwgUGNpQnVzRHhlLCBQY2lTaW9TZXJp YWxEeGUsIGFuZCBldGMgaW4NCj4gPiBNZGVNb2R1bGVQa2cuIEJlc2lkZXMsIHRoZXJlIGFyZSBz b21lIGFkdmFudGFnZXMgYnkgdXNpbmcgUENEDQo+ID4gY29tcGFyZWQgdG8gdGhlIHZhcmlhYmxl LiBGaXJzdCwgUENEIGlzIG9uZSBraW5kIG9mIGludGVyZmFjZSB0aGF0DQo+ID4gbW9yZSBmb3Jt YWwgdGhhbiBhIHByaXZhdGUgdmFyaWFibGUsIHRoZSBzZXR0aW5nIGJ5IFBDRCBpcyBtb3JlDQo+ ID4gYWNjZXB0YWJsZSBieSB0aGUgY29uc3VtZXIuIFNlY29uZGx5LCBmcm9tIGEgKnNlY3VyaXR5 KiBzdGFuZHBvaW50LA0KPiA+IHZhcmlhYmxlIGNhbiBiZSBkdW1wZWQgZWFzaWx5IGZyb20gdGhl IGZsYXNoIHJlZ2lvbi4gSGVyZSwgZXZlbg0KPiA+IHRob3VnaCBpdCdzIG5vIHNlY3VyaXR5IGlt cGFjdCB0b3dhcmRzIHRoZSBjaXBoZXIgbGlzdCBzdG9yYWdlDQo+ID4gYmVjYXVzZSBpdCB3aWxs IGJlIHB1YmxpYyBzaGFyZWQgdG8gcmVtb3RlIHNlcnZlciwgYnV0IHdlIG5lZWQgdG8NCj4gPiB0 aGluayBhbmQgKmFsaWduKiB3aXRoIG90aGVyIGNvbmZpZ3VyYXRpb25zIGZvciBUTFMgaW4gSFRU UFMgbGV2ZWwuDQo+ID4gRm9yIGV4YW1wbGUsIGluIHRoZSBmdXR1cmUsIHdlIG1pZ2h0IHN1cHBv cnQgdGhlIEhUVFBTIG11dHVhbA0KPiA+IGF1dGhlbnRpY2F0aW9uLCB0aGFuIHRoZSBob3N0IFBy aXZhdGVLZXkvUGFzc3dvcmQNCj4gPiAoRWZpVGxzQ29uZmlnRGF0YVR5cGVIb3N0UHJpdmF0ZUtl eSkgKm11c3RuJ3QqIGJlIHNhdmVkIGFzIGEgdmFyaWFibGUNCj4gPiBkdWUgdG8gaXRzIGNvbmZp ZGVudGlhbGl0eSwgd2hpbGUgUENEIGlzIGdvb2QgY2hvaWNlLiBBdCB0aGF0IHRpbWUsDQo+ID4g d2Ugd2lsbCBhbHNvIHByb3ZpZGUgdGhlIFBDRCBmb3IgRWZpVGxzQ29uZmlnRGF0YVR5cGVDQUNl cnRpZmljYXRlLA0KPiA+IHdoaWNoIGlzIGN1cnJlbnRseSBzZXR0aW5nIGJ5IHRoZSB2YXJpYWJs ZSAoVGxzQ2FDZXJ0aWZpY2F0ZSksIHNvIGFzDQo+ID4gdG8gYWxpZ24gYWxsIHRoZSBjb25maWd1 cmF0aW9uIHNldHRpbmcgb24gb25lIGxpbmUsIHdoaWNoIGNhbiByZWR1Y2UNCj4gPiB0aGUgY29t cGxleGl0eSBvZiBwbGF0Zm9ybSB1c2FnZS4gRmluYWxseSwgd2UgY2FuIGFsc28gc2F2ZSB0aGUN Cj4gPiB2YXJpYWJsZSBzcGFjZS4NCj4gPg0KPiA+IEZyb20gdGhlIGFib3ZlLCB0aGUgZHluYW1p YyBQQ0QgaXMgYSBzb2x1dGlvbiBJIHN0aWxsIHByZWZlcnJlZC4NCj4gDQo+IE9LLCBpdCB3b3Jr cyBmb3IgbWUuIFRoYW5rcyENCj4gTGFzemxvDQo=