iPXE discussion forum
Plea For Modern HTTPS Ciphers - Printable Version

+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: Plea For Modern HTTPS Ciphers (/showthread.php?tid=13280)



Plea For Modern HTTPS Ciphers - dscoular@gmail.com - 2018-09-28 06:04

Hi All,
Just trying to raise awareness of the importance of getting modern ciphers implemented for ipxe HTTPS.

We have Red Hat's OpenShift in our company which appears to serve HTTPS only through these ciphers.

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA
DES-CBC3-SHA

When I try and use ipxe (compiled to support DOWNLOAD_PROTO_HTTPS) to reference any of our servers I get the the "[Operation not supported] fatal error 40" error. I think this is because ipxe only supports some very outdated ciphers.

The ipxe documentation says only the following ciphers are supported:

RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA

I just wanted to know if anyone is working on updating HTTPS to be able to talk a few more modern ciphers?

Cheers,

Doug


RE: Plea For Modern HTTPS Ciphers - NiKiZe - 2018-09-28 06:09

Closing, Duplicate of http://forum.ipxe.org/showthread.php?tid=11985, Please continue there.

Please keep it in the same place, Duplicate threads hurts both discussion and searchability.