Thread Closed 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Plea For Modern HTTPS Ciphers
2018-09-28, 06:04
Post: #1
Plea For Modern HTTPS Ciphers
Hi All,
Just trying to raise awareness of the importance of getting modern ciphers implemented for ipxe HTTPS.

We have Red Hat's OpenShift in our company which appears to serve HTTPS only through these ciphers.

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA
DES-CBC3-SHA

When I try and use ipxe (compiled to support DOWNLOAD_PROTO_HTTPS) to reference any of our servers I get the the "[Operation not supported] fatal error 40" error. I think this is because ipxe only supports some very outdated ciphers.

The ipxe documentation says only the following ciphers are supported:

RSA_WITH_AES_256_CBC_SHA256
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA

I just wanted to know if anyone is working on updating HTTPS to be able to talk a few more modern ciphers?

Cheers,

Doug
Find all posts by this user
2018-09-28, 06:09
Post: #2
RE: Plea For Modern HTTPS Ciphers
Closing, Duplicate of http://forum.ipxe.org/showthread.php?tid=11985, Please continue there.

Please keep it in the same place, Duplicate threads hurts both discussion and searchability.

Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Thread Closed 




User(s) browsing this thread: 2 Guest(s)