https errors - TLS ciphers [Operation not supported] fatal error 40
|
2018-07-01, 18:27
Post: #1
|
|||
|
|||
https errors - TLS ciphers [Operation not supported] fatal error 40
Hi There,
i come across more and more tls errors lately when using free webspace. as ipxe only supports old ciphers RSA_WITH_AES_256_CBC_SHA256, RSA_WITH_AES_128_CBC_SHA256, RSA_WITH_AES_256_CBC_SHA RSA_WITH_AES_128_CBC_SHA i wonder if it is planned to add: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) anytime soon? |
|||
2018-07-02, 19:55
Post: #2
|
|||
|
|||
RE: https errors - TLS ciphers [Operation not supported] fatal error 40
Since this is on the more technical level, I would suggest posting this to the ipxe mailing list for it to better reach the right audience.
Use GitHub Discussions VRAM bin |
|||
2018-09-10, 11:54
Post: #3
|
|||
|
|||
RE: https errors - TLS ciphers [Operation not supported] fatal error 40
Hi Jrsmile,
I'm in the same boat... we have Red Hat's OpenShift in our company which appears to serve HTTPS only through these ciphers. ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA AES256-GCM-SHA384 AES256-SHA256 AES256-SHA CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA AES128-GCM-SHA256 AES128-SHA256 AES128-SHA CAMELLIA128-SHA DES-CBC3-SHA When I try and use ipxe (compiled to support DOWNLOAD_PROTO_HTTPS) I get the the same [Operation not supported] fatal error 40. Since the documentation says only the following ciphers are supported: RSA_WITH_AES_256_CBC_SHA256 RSA_WITH_AES_128_CBC_SHA256 RSA_WITH_AES_256_CBC_SHA RSA_WITH_AES_128_CBC_SHA I'd like to add my voice to the wish for support of more modern ciphers. I'd love to hear that developers were working on this as it seems critical to ipxe's healthy future. Cheers, Doug |
|||
2019-04-13, 02:48
(This post was last modified: 2019-04-13 03:14 by yiya1989.)
Post: #4
|
|||
|
|||
Can ipxe support the ECDHE for TLS?
http://ipxe.org/crypto
The exact list of supported cipher suites is RSA_WITH_AES_256_CBC_SHA256, RSA_WITH_AES_128_CBC_SHA256, RSA_WITH_AES_256_CBC_SHA, and RSA_WITH_AES_128_CBC_SHA. but RSA_WITH_AES_xxx_CBC_SHAxx now is considered insecure algorithm, can ipxe support the ECDHE cipher suites? I have saw the older thread, my question is same with this: http://forum.ipxe.org/showthread.php?tid...ight=ECDHE |
|||
2019-04-13, 03:12
Post: #5
|
|||
|
|||
RE: https errors - TLS ciphers [Operation not supported] fatal error 40 | |||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)