[ipxe-devel] Error 410de18f
Michael Brown
mcb30 at ipxe.org
Sun Aug 2 16:17:03 UTC 2015
On 02/08/15 14:26, Michael Brown wrote:
> - iPXE does not include the (optional) signature_algorithms extension in
> the ClientHello. This is now fixed in commit
> http://git.ipxe.org/ipxe.git/commitdiff/fc7885e
>
> - iPXE does not support the use of the SHA-512 family (including
> SHA-384) for TLS
>
> We do now have support for the SHA-512 family of digest algorithms in
> iPXE, since they were added to support PeerDist (BranchCache) content
> encoding. There's a thread a few months ago where the option of
> supporting these for TLS was discussed:
>
> http://lists.ipxe.org/pipermail/ipxe-devel/2015-May/004228.html
I have pushed support for SHA-224, SHA-384 and SHA-512 in TLS:
http://git.ipxe.org/ipxe.git/commitdiff/b1caa48
The default is to include support for these algorithms, which adds
around 1.5kB to the binary size. To reduce this size impact, individual
algorithms can be disabled via config/crypto.h.
iPXE does now successfully download from https://economics.indiana.edu/boot
Michael
More information about the ipxe-devel
mailing list