Re: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Version renegotiate

Wu, Jiaxin <jiaxin.wu@...>

Series Reviewed-By: Wu Jiaxin <jiaxin.wu@...>

From: Thomas Palmer [mailto:thomas.palmer@...]
Sent: Friday, September 9, 2016 3:16 AM
To: edk2-devel@...
Cc: Wu, Jiaxin <jiaxin.wu@...>; joseph.shifflett@...; Thomas Palmer <thomas.palmer@...>
Subject: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: Version renegotiate

The TLS protocol allows for clients and servers to negotiate which version of
TLS to use. Newer versions are deemed safer, so when they are available the
client and server should opt to use them.

The EDK2 TLS code today only allows TLSv1.0 for TLS communication,
regardless of the target server's capabilities. In order to use the newer
protocols, we'll update the EDK2 TlsLib.c code to allow for TLS version
negotiation when a new TLS object is created. The TLS version specified in
TlsCtxNew will be the minimum version accepted.

Because EDK2 is not yet using OpenSSL 1.1, we use SSL_set_options to
simulate SSL_CTX_set_min_proto_version.

We'll leave the current "EfiTlsVersion" functionality intact, which will restrict
which version of TLS to use and prevent negotiation.

However, to demonstrate the TLS negotiation in this feature branch, we'll
remove the code that calls EfiTlsVersion in the HttpDxe module.

Contributed-under: TianoCore Contribution Agreement 1.0

Thomas Palmer (2):
[edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: TLS Ver negotiate
[edk2-staging/HTTPS-TLS][PATCH]: NetworkPkg/HttpDxe: Unrestrict TLSv

CryptoPkg/Library/TlsLib/TlsLib.c | 20 ++++++++++++++++----
NetworkPkg/HttpDxe/HttpsSupport.c | 14 +-------------
2 files changed, 17 insertions(+), 17 deletions(-)
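The cover letter says the branch emulates SSL_CTX_set_min_proto_version with SSL_set_options because EDK2 still builds against OpenSSL 1.0.x. The following is an added illustration of that emulation, not code from the patch series or from TlsLib.c: it computes the SSL_OP_NO_* mask that disables every protocol older than a requested minimum (the SSL_OP_NO_* values are copied from the OpenSSL 1.0.x headers so the block compiles without OpenSSL; the function name TlsMinVersionOptions and the version table are my own). The point it makes is that the mask must cover all older versions, not just one, so that no older version remains negotiable below the intended minimum.

```c
#include <stdio.h>
#include <stddef.h>

/* SSL_OP_NO_* bit values as defined in OpenSSL 1.0.x <openssl/ssl.h>,
 * copied here so the example builds without OpenSSL installed. Real
 * TlsLib code would #include <openssl/ssl.h> and pass the computed mask
 * to SSL_set_options(Ssl, Mask). */
#define OP_NO_SSLv2   0x01000000L
#define OP_NO_SSLv3   0x02000000L
#define OP_NO_TLSv1   0x04000000L
#define OP_NO_TLSv1_2 0x08000000L
#define OP_NO_TLSv1_1 0x10000000L

/* Protocol versions ordered oldest to newest. Major/Minor use the TLS
 * wire encoding (SSLv3 is 3.0, TLS 1.0 is 3.1, TLS 1.2 is 3.3). */
struct ProtoVersion { unsigned char Major, Minor; long NoFlag; const char *Name; };

static const struct ProtoVersion Versions[] = {
  { 2, 0, OP_NO_SSLv2,   "SSLv2"   },
  { 3, 0, OP_NO_SSLv3,   "SSLv3"   },
  { 3, 1, OP_NO_TLSv1,   "TLSv1.0" },
  { 3, 2, OP_NO_TLSv1_1, "TLSv1.1" },
  { 3, 3, OP_NO_TLSv1_2, "TLSv1.2" },
};

/* Emulate SSL_CTX_set_min_proto_version(Major.Minor) on OpenSSL 1.0.x:
 * return the SSL_OP_NO_* mask that disables every protocol older than
 * the requested minimum, leaving the minimum and everything newer open
 * for negotiation. Returns -1 for an unknown version so the caller
 * fails closed instead of silently permitting every version. */
long TlsMinVersionOptions(unsigned char Major, unsigned char Minor) {
  long Mask = 0;
  size_t i;
  for (i = 0; i < sizeof Versions / sizeof Versions[0]; i++) {
    if (Versions[i].Major == Major && Versions[i].Minor == Minor) {
      return Mask;              /* all older versions already accumulated */
    }
    Mask |= Versions[i].NoFlag; /* older than the minimum: disable it */
  }
  return -1;                    /* version not in the table */
}

int main(void) {
  /* TLS 1.0 as the minimum, matching what TlsCtxNew would be given. */
  long Mask = TlsMinVersionOptions(3, 1);
  printf("min TLSv1.0 -> SSL_set_options mask 0x%lx\n", Mask);
  return 0;
}
```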


