public inbox for devel@edk2.groups.io
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
	"Fu, Siyuan" <siyuan.fu@intel.com>,
	"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Zimmer, Vincent" <vincent.zimmer@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Ye, Ting" <ting.ye@intel.com>
Subject: Re: [Patch 0/2] NetworkPkg: Support the platform to configure TLS CipherList.
Date: Sun, 11 Feb 2018 02:33:13 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B727416381A30@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <835e4fbd-67bc-ad07-45ce-80b1156702a7@redhat.com>

Hi Laszlo,

Besides the compatibility consideration, we'd better *not* put CipherList and CaCertificate into one variable. In the future, we prefer to manage the CaCertificate with other cert configuration items together (e.g. HostPublicCert, HostPrivateCert, etc.) rather than the parameters like CipherList. You know we can't save the host cert pairs as a variable due to the security consideration.

So, case by case, let's keep the current solution to define the variable named "HttpTlsCipherList".

Thanks,
Jiaxin


> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Friday, February 9, 2018 6:12 PM
> To: Fu, Siyuan <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>;
> edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Zimmer, Vincent
> <vincent.zimmer@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Ye,
> Ting <ting.ye@intel.com>
> Subject: Re: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> On 02/09/18 06:22, Fu, Siyuan wrote:
> > Hi, Jiaxin
> >
> > I think we can remove the "TlsCipherList.h" to another name like
> > "HttpTlsCipherListVariable.h" to highlight that the variable is only
> > used for HTTP configuration. And also the variable name and GUID
> > name.
> If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
> as new name, something like "gHttpTlsVariableGuid"? And then put both
> variables, the CA List and the Cipher List, in that (same) namespace GUID?
> 
> It's not that we'll run out of GUIDs any time soon :) , but I think
> these variables belong closely together.
> 
> Thanks,
> Laszlo
> 
> >> -----Original Message-----
> >> From: Wu, Jiaxin
> >> Sent: Friday, February 9, 2018 12:00 PM
> >> To: edk2-devel@lists.01.org
> >> Cc: Laszlo Ersek <lersek@redhat.com>; Kinney, Michael D
> >> <michael.d.kinney@intel.com>; Zimmer, Vincent
> <vincent.zimmer@intel.com>;
> >> Yao, Jiewen <jiewen.yao@intel.com>; Ye, Ting <ting.ye@intel.com>; Fu,
> >> Siyuan <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> >> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> >> CipherList.
> >>
> >> Cc: Laszlo Ersek <lersek@redhat.com>
> >> Cc: Kinney Michael D <michael.d.kinney@intel.com>
> >> Cc: Zimmer Vincent <vincent.zimmer@intel.com>
> >> Cc: Yao Jiewen <jiewen.yao@intel.com>
> >> Cc: Ye Ting <ting.ye@intel.com>
> >> Cc: Fu Siyuan <siyuan.fu@intel.com>
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> >>
> >> Jiaxin Wu (2):
> >>   NetworkPkg: Define one private variable for TLS CipherList
> >>     configuration.
> >>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> >>     session.
> >>
> >>  NetworkPkg/HttpDxe/HttpDriver.h         |  3 +-
> >>  NetworkPkg/HttpDxe/HttpDxe.inf          |  3 +-
> >>  NetworkPkg/HttpDxe/HttpsSupport.c       | 92 ++++++++++++++++++++++++++++++++-
> >>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++++++++++++++
> >>  NetworkPkg/NetworkPkg.dec               |  3 ++
> >>  5 files changed, 136 insertions(+), 3 deletions(-)
> >>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> >>
> >> --
> >> 1.9.5.msysgit.1
> >

