Hi, > > According to the mailing list discussion linked in > > <https://bugzilla.tianocore.org/show_bug.cgi?id=915#c8>, > > "TlsCipherMappingTable" should never offer *more* cipher suites than > > actually supported by OpensslLib (because then the TLS client might > > negotiate a cipher suite with the server that the client ultimately > > won't be able to support).
Hmm, maybe *that* is the problem. edk2 has its own crypto algo provider (CryptoPkg/Library/OpensslLib/OpensslStub/uefiprov.c) offering a limited set of ciphers to reduce the size of OpensslLib. This was added with the switch to openssl-3. > ... I wonder how TlsCipherMappingTable looks in Project Mu! mu_basecore (release/202302 which seems to be latest but doesn't include the openssl-3 switch) is identical to upstream edk2. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109187): https://edk2.groups.io/g/devel/message/109187 Mute This Topic: https://groups.io/mt/101613778/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-