https errors - TLS ciphers [Operation not supported] fatal error 40
2018-07-01, 18:27
Post: #1
https errors - TLS ciphers [Operation not supported] fatal error 40
Hi There,

I come across more and more TLS errors lately when using free webspace.

As iPXE only supports old ciphers:
RSA_WITH_AES_256_CBC_SHA256,
RSA_WITH_AES_128_CBC_SHA256,
RSA_WITH_AES_256_CBC_SHA,
RSA_WITH_AES_128_CBC_SHA

I wonder if it is planned to add:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA)

anytime soon?
2018-07-02, 19:55
Post: #2
RE: https errors - TLS ciphers [Operation not supported] fatal error 40
Since this is on the more technical level, I would suggest posting this to the ipxe mailing list for it to better reach the right audience.

Use GitHub Discussions
VRAM bin
2018-09-10, 11:54
Post: #3
RE: https errors - TLS ciphers [Operation not supported] fatal error 40
Hi Jrsmile,
I'm in the same boat... we have Red Hat's OpenShift in our company which appears to serve HTTPS only through these ciphers.

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA
DES-CBC3-SHA

When I try to use iPXE (compiled to support DOWNLOAD_PROTO_HTTPS) I get the same [Operation not supported] fatal error 40.

Since the documentation says only the following ciphers are supported:

RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA

I'd like to add my voice to the wish for support of more modern ciphers. I'd love to hear that developers were working on this as it seems critical to ipxe's healthy future.

Cheers,

Doug
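
An added example, not from the thread or the iPXE project: a Python model of cipher-suite selection that checks a server's list against the four suites quoted from the iPXE documentation, run on the list in post #3 and on a constructed server that enables only the ECDHE suites requested in post #1. The function names, and the assumption that the server picks by its own preference order, belong to this example.

```python
# Added example: which documented iPXE suites does a server's list share?
# IANA code point -> (IANA name, OpenSSL name) for the four suites in the thread.
IPXE_SUITES = {
    0x003D: ("TLS_RSA_WITH_AES_256_CBC_SHA256", "AES256-SHA256"),
    0x003C: ("TLS_RSA_WITH_AES_128_CBC_SHA256", "AES128-SHA256"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "AES256-SHA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA"),
}
HANDSHAKE_FAILURE = 40  # TLS alert description: no acceptable parameters

# Accept the IANA name, the docs' form without "TLS_", and the OpenSSL name.
NAME_TO_CODE = {}
for _code, (_iana, _openssl) in IPXE_SUITES.items():
    for _name in (_iana, _iana[len("TLS_"):], _openssl):
        NAME_TO_CODE[_name.upper()] = _code

def shared_suites(server_suites):
    """Return IANA names of iPXE suites the server enables, in server order."""
    found = []
    for entry in server_suites:
        fields = entry.replace(",", " ").split()  # drop trailing commas
        code = NAME_TO_CODE.get(fields[0].upper()) if fields else None
        if code is not None and IPXE_SUITES[code][0] not in found:
            found.append(IPXE_SUITES[code][0])
    return found

def handshake(server_suites):
    """Assumes the server picks by its own order; ("alert", 40) if no overlap."""
    common = shared_suites(server_suites)
    return ("selected", common[0]) if common else ("alert", HANDSHAKE_FAILURE)

# Server list as reported in post #3 (OpenSSL names, order as posted).
POST3_SERVER = """
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA
CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256
AES128-SHA CAMELLIA128-SHA DES-CBC3-SHA
""".split()

# Constructed input: a server enabling only the suites requested in post #1.
ECDHE_ONLY = """TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA""".split()

if __name__ == "__main__":
    print("post #3:", handshake(POST3_SERVER))
    print("ECDHE only:", handshake(ECDHE_ONLY))
```

The model compares suite names only; protocol version, certificate type and TLS extensions are outside it.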
2019-04-13, 02:48 (This post was last modified: 2019-04-13 03:14 by yiya1989.)
Post: #4
Can ipxe support the ECDHE for TLS?
http://ipxe.org/crypto

The exact list of supported cipher suites is
RSA_WITH_AES_256_CBC_SHA256,
RSA_WITH_AES_128_CBC_SHA256,
RSA_WITH_AES_256_CBC_SHA, and
RSA_WITH_AES_128_CBC_SHA.

But RSA_WITH_AES_xxx_CBC_SHAxx is now considered an insecure algorithm. Can iPXE support the ECDHE cipher suites?

I have seen the older thread; my question is the same as this one:
http://forum.ipxe.org/showthread.php?tid...ight=ECDHE
2019-04-13, 03:12
Post: #5
RE: https errors - TLS ciphers [Operation not supported] fatal error 40
(2018-07-02 19:55)NiKiZe Wrote:  Since this is on the more technical level, I would suggest posting this to the ipxe mailing list for it to better reach the right audience.

Is it possible to add these ciphers?