From: "Long, Qin"
To: "Wu, Jiaxin", "Palmer, Thomas", "edk2-devel@lists.01.org"
CC: "Ye, Ting", "Fu, Siyuan", "Gao, Liming"
Date: Mon, 1 Aug 2016 01:48:08 +0000
Subject: Re: [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions with the standardized one

I personally prefer to keep the current supported cipher suite for our UEFI-TLS enabling. We can have the full RFC definitions, and platform specific cipher sets for validation now. It's better to maintain one minimal scope in this phase.

"enable-weak-ssl-ciphers" looks odd. Disabling weak ciphers is the recommendation for hardening SSL communications.

For other ciphers (idea, dsa, etc), we can enable them step-by-step depending on the real requirements.

Best Regards & Thanks,
LONG, Qin

> -----Original Message-----
> From: Wu, Jiaxin
> Sent: Monday, August 01, 2016 9:23 AM
> To: Palmer, Thomas; Long, Qin; edk2-devel@lists.01.org
> Cc: Ye, Ting; Fu, Siyuan; Gao, Liming
> Subject: RE: [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions with
> the standardized one
>
> Thomas,
> I agree some of them are not supported due to the UEFI OpenSSL
> configuration, but it doesn't affect those mapping relationship added in the
> patch. So, I have no strong opinion whether to support it by modifying the
> current OpenSSL configuration. Since Qin is the OpenSSL expert, I'd like to
> hear his views.
>
> Qin,
> What's your opinion?
>
> Thanks.
> Jiaxin
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Palmer, Thomas
> > Sent: Saturday, July 30, 2016 6:03 AM
> > To: Wu, Jiaxin; edk2-devel@lists.01.org
> > Cc: Ye, Ting; Fu, Siyuan; Gao, Liming; Long, Qin
> > Subject: Re: [edk2] [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS
> > definitions with the standardized one
> >
> > Jiaxin,
> >
> > UEFI's OpenSSL library does not support all the ciphers that were
> > added in your patch due to the UEFI configuration.
> > We need to remove "no-idea" and "no-dsa" from the process_files.sh
> > and add "enable-weak-ssl-ciphers"
> >
> > While we are modifying process_files.sh, we can remove "no-pqueue"
> > from process_files.sh so that OpensslLib.inf is in sync.
> >
> > I can send out a patch to do so if you wish.
> >
> > Thomas
> >
> > -----Original Message-----
> > From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]
> > Sent: Thursday, July 14, 2016 12:51 AM
> > To: edk2-devel@lists.01.org
> > Cc: Liming Gao; Palmer, Thomas; Long Qin; Ye Ting; Fu Siyuan; Wu Jiaxin
> > Subject: [staging/HTTPS-TLS][PATCH 0/4] Replace the TLS definitions
> > with the standardized one
> >
> > The series patches are used to replace the TLS definitions with the
> > standardized one. In addition, more TLS cipher suite mapping between
> > Cipher Suite definitions and OpenSSL-used Cipher Suite name are added.
> >
> > Cc: Liming Gao
> > Cc: Palmer Thomas
> > Cc: Long Qin
> > Cc: Ye Ting
> > Cc: Fu Siyuan
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin
> > Signed-off-by: Jiaxin Wu
> >
> > Jiaxin Wu (4):
> >   MdePkg: Add a header to standardize TLS definitions
> >   CryptoPkg: Add more TLS cipher suite mapping
> >   NetworkPkg/TlsDxe: Replace the definitions with the standardized one
> >   NetworkPkg/HttpDxe: Replace the definitions with the standardized
> >     one
> >
> >  CryptoPkg/Library/TlsLib/TlsLib.c      | 3585 ++++++++++++++++----------------
> >  MdePkg/Include/IndustryStandard/Tls1.h |   93 +
> >  NetworkPkg/HttpDxe/HttpDriver.h        |    2 +
> >  NetworkPkg/HttpDxe/HttpProto.c         |   12 +-
> >  NetworkPkg/HttpDxe/HttpsSupport.c      |   22 +-
> >  NetworkPkg/HttpDxe/HttpsSupport.h      |   44 -
> >  NetworkPkg/TlsDxe/TlsImpl.c            |   56 +-
> >  NetworkPkg/TlsDxe/TlsImpl.h            |   30 +-
> >  NetworkPkg/TlsDxe/TlsProtocol.c        |    2 +-
> >  9 files changed, 1945 insertions(+), 1901 deletions(-)
> >  create mode 100644 MdePkg/Include/IndustryStandard/Tls1.h
> >
> > --
> > 1.9.5.msysgit.1
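
Added example, not code from this thread or from EDK II's TlsLib: a sketch of the mapping the cover letter describes (IANA cipher suite ID to OpenSSL cipher name) combined with the minimal-scope policy argued for in the reply, where suites outside the platform's set are dropped instead of enabled. The type `suite_map_t`, the function `build_cipher_list` and the `allowed` column are hypothetical; the IDs and OpenSSL names are the standard ones.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IANA cipher suite ID -> OpenSSL cipher name. The `allowed` column is an
 * assumed platform policy for this example, not EDK II's actual list. */
typedef struct { uint16_t id; const char *name; int allowed; } suite_map_t;

static const suite_map_t k_suites[] = {
    { 0x0005, "RC4-SHA",       0 }, /* TLS_RSA_WITH_RC4_128_SHA        */
    { 0x0007, "IDEA-CBC-SHA",  0 }, /* TLS_RSA_WITH_IDEA_CBC_SHA       */
    { 0x002F, "AES128-SHA",    1 }, /* TLS_RSA_WITH_AES_128_CBC_SHA    */
    { 0x0035, "AES256-SHA",    1 }, /* TLS_RSA_WITH_AES_256_CBC_SHA    */
    { 0x003C, "AES128-SHA256", 1 }, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */
    { 0x003D, "AES256-SHA256", 1 }, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */
};

/* Build a colon-separated OpenSSL cipher string from requested suite IDs,
 * dropping IDs that are unmapped or outside the allowed set.
 * Returns the number of suites kept, or -1 if `out` is too small. */
int build_cipher_list(const uint16_t *ids, size_t n, char *out, size_t out_len)
{
    size_t used = 0;
    int kept = 0;
    if (out == NULL || out_len == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < sizeof k_suites / sizeof k_suites[0]; j++) {
            const suite_map_t *s = &k_suites[j];
            if (s->id != ids[i] || !s->allowed) continue;
            size_t len = strlen(s->name);
            if (used + len + 2 > out_len) return -1; /* ':' + name + NUL */
            if (kept > 0) out[used++] = ':';
            memcpy(out + used, s->name, len + 1);
            used += len;
            kept++;
        }
    }
    return kept;
}

int main(void)
{
    /* Constructed request mixing allowed, disallowed and unknown IDs. */
    const uint16_t req[] = { 0x0005, 0x002F, 0x0007, 0x003D, 0xFFFF };
    char list[64];
    int kept = build_cipher_list(req, sizeof req / sizeof req[0], list, sizeof list);
    printf("%d kept: %s\n", kept, list);
    return kept > 0 ? 0 : 1;
}
```

A return value of 0 means no requested suite survived the policy; a caller should treat that as a configuration error instead of falling back to the library's default cipher list.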