On 01/08/15 05:46, Beima, Charlie wrote:
I have iPXE working using “chain https://boot.ipxe.org/demo/boot.php”,
but when I try it on my site I get the following:
iPXE> chain https://economics.indiana.edu/boot
https://economics.indiana.edu/boot... Operation not permitted
(http://ipxe.org/410de18f)
iPXE>
The http://ipxe.org/err/410de1 error seems to indicate a TLS problem.
I’m using https://rom-o-matic.eu/ to build a x64 EFI image with HTTPS
added. The site uses a wildcard certificate. I would troubleshoot it
more but I can’t figure out how to enable debugging to the console.
I've tried fetching from your HTTPS URL using iPXE. The server is
rejecting the connection with a "Handshake Failure" alert immediately
upon receiving the ClientHello (which is the first message sent in an
HTTPS connection).
If I downgrade iPXE to use TLSv1.1 instead of TLSv1.2, the server does
not reject the connection. However, the server is happy to negotiate
TLSv1.2 with other clients.
I have not identified precisely what it is about iPXE's ClientHello that
the server does not like. Could you check the server logs (and increase
the server log level if necessary) to find out what is causing the error?
Thanks,
Michael
_______________________________________________
ipxe-devel mailing list
ipxe-devel@lists.ipxe.org
https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
