Series Reviewed-By: Wu Jiaxin <jiaxin...@intel.com> Best Regards! Jiaxin
> -----Original Message----- > From: Thomas Palmer [mailto:thomas.pal...@hpe.com] > Sent: Friday, September 9, 2016 3:16 AM > To: edk2-devel@lists.01.org > Cc: Wu, Jiaxin <jiaxin...@intel.com>; joseph.shiffl...@hpe.com; Thomas > Palmer <thomas.pal...@hpe.com> > Subject: [PATCH v2 0/2][edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: > Version renegotiate > > The TLS protocol allows for clients and servers to negotiate which version of > TLS to use. Newer versions are deemed safer, so when they are available the > client and server should opt to use them. > > The EDK2 TLS code today only allows TLSv1.0 for TLS communication, > regardless of the target server's capabilities. In order to use the newer > protocols, we'll update the EDK2 TlsLib.c code to allow for TLS version > negotiation when a new TLS object is created. The TLS version specified in > TlsCtxNew will be the minimum version accepted. > > Because EDK2 is not yet using OpenSSL 1.1, we use SSL_set_options to > simulate SSL_CTX_set_min_proto_version. > > We'll leave the current "EfiTlsVersion" functionality intact, which will > restrict > which version of TLS to use and prevent negotiation. > > However, to demonstrate the TLS regotiation in this feature branch, we'll > remove the code that calls EfiTlsVersion in the HttpDxe module. > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Thomas Palmer (2): > [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: TLS Ver negotiate > [edk2-staging/HTTPS-TLS][PATCH]: NetworkPkg/HttpDxe: Unrestrict TLSv > > CryptoPkg/Library/TlsLib/TlsLib.c | 20 ++++++++++++++++---- > NetworkPkg/HttpDxe/HttpsSupport.c | 14 +------------- > 2 files changed, 17 insertions(+), 17 deletions(-) > > -- > 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
