[ipxe-devel] Error 410de18f

Michael Brown mcb30 at ipxe.org
Sun Aug 2 13:26:10 UTC 2015

On 01/08/15 16:14, Beima, Charlie wrote:
> IU uses a Brocade Stingray load balancer in front of their web server, both of which I do not manage, and I don't think the IU admins will wish to investigate this issue, so getting the server logs is going to be all but impossible. I was able to get things working via HTTP, but you narrowed it down to a TLSv1.2 handshake issue.

I have identified the root cause.  Your web server requires the use of 
SHA-384 (which is not one of the standard hash algorithms mandated by 
TLSv1.2), and is failing with iPXE for two reasons:

- iPXE does not include the (optional) signature_algorithms extension in 
the ClientHello.  This is now fixed in commit 

- iPXE does not support the use of the SHA-512 family (including 
SHA-384) for TLS

We do now have support for the SHA-512 family of digest algorithms in 
iPXE, since they were added to support PeerDist (BranchCache) content 
encoding.  There's a thread a few months ago where the option of 
supporting these for TLS was discussed:



More information about the ipxe-devel mailing list