Hi, I've noticed that setting ciphers for TLS stopped working in ovmf, most likely due to the openssl 3.0 update.
Test case: try http boot from https server, set ciphers on the qemu command line using:

    -object tls-cipher-suites,id=tls-cipher0,priority=@SYSTEM
    -fw_cfg name=etc/edk2/https/ciphers,gen_id=tls-cipher0

OvmfPkg/Library/TlsAuthConfigLib will read it from fwcfg and set EDKII_HTTP_TLS_CIPHER_LIST_VARIABLE.

CryptoPkg/Library/TlsLib/TlsConfig.c will read the variable, map the IDs to strings and call SSL_set_cipher_list() with the result.

Later on the tls handshake fails. From the log:

    [ ... ]
    TlsDxe:TlsSetCipherList: CipherString={
    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GC
    M-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-A
    ES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-DES-CBC3-SHA
    }
    [ ... ]
    TlsDoHandshake SSL_HANDSHAKE_ERROR State=0x10 SSL_ERROR_SSL
    TlsDoHandshake ERROR 0x308010C=L6:R8010C
    TlsDoHandshake ERROR 0xA0C0103=L14:RC0103
    [ ... ]

take care,
  Gerd
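The ID-to-string step described in the message, as an added example that is not part of the original post and not EDK2's own code: it turns a cipher blob into the colon-separated string that would be handed to SSL_set_cipher_list(). Assumptions: the blob holds 2-byte IANA cipher suite IDs in network byte order, the mapping table is a constructed subset covering only the suites in the logged CipherString, and the names `kMap`, `kSampleBlob`, `lookup_name` and `build_cipher_string` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed subset of IANA ID -> OpenSSL name, not EDK2's own table. */
static const struct { uint16_t id; const char *name; } kMap[] = {
  { 0xC030, "ECDHE-RSA-AES256-GCM-SHA384" }, { 0xC02C, "ECDHE-ECDSA-AES256-GCM-SHA384" },
  { 0xC02B, "ECDHE-ECDSA-AES128-GCM-SHA256" }, { 0x0035, "AES256-SHA" },
  { 0x002F, "AES128-SHA" }, { 0x000A, "DES-CBC3-SHA" },
  { 0x009F, "DHE-RSA-AES256-GCM-SHA384" }, { 0x0039, "DHE-RSA-AES256-SHA" },
  { 0x0033, "DHE-RSA-AES128-SHA" }, { 0x0016, "DHE-RSA-DES-CBC3-SHA" },
};

/* Constructed sample blob: the ten logged suites plus 0x1301, which kMap lacks. */
static const uint8_t kSampleBlob[] = {
  0xC0, 0x30, 0xC0, 0x2C, 0xC0, 0x2B, 0x00, 0x35, 0x00, 0x2F, 0x00, 0x0A,
  0x13, 0x01, 0x00, 0x9F, 0x00, 0x39, 0x00, 0x33, 0x00, 0x16,
};

static const char *lookup_name(uint16_t id) {
  for (size_t i = 0; i < sizeof kMap / sizeof kMap[0]; i++)
    if (kMap[i].id == id) return kMap[i].name;
  return NULL;
}

/* Returns the number of IDs mapped, or -1 on odd length, overflow or no known ID. */
int build_cipher_string(const uint8_t *blob, size_t len, char *out, size_t cap) {
  size_t used = 0; int mapped = 0;
  if (len % 2 != 0 || cap == 0) return -1;
  out[0] = '\0';
  for (size_t i = 0; i < len; i += 2) {
    /* Assumption: each ID is stored big-endian (network byte order). */
    const char *name = lookup_name((uint16_t)((blob[i] << 8) | blob[i + 1]));
    if (name == NULL) continue;              /* unknown ID: leave it out */
    size_t n = strlen(name);
    if (used + n + 2 > cap) return -1;       /* room for ':' + name + NUL */
    if (mapped) out[used++] = ':';
    memcpy(out + used, name, n + 1);
    used += n;
    mapped++;
  }
  return mapped > 0 ? mapped : -1;
}

int main(void) {
  char buf[512];
  int n = build_cipher_string(kSampleBlob, sizeof kSampleBlob, buf, sizeof buf);
  printf("%d suites: %s\n", n, buf);
  return n > 0 ? 0 : 1;
}
```

For the sample blob the result matches the logged CipherString once its 79-column line breaks are joined, which makes it easy to compare what the guest was asked to use against what the host policy exported.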