[ipxe-devel] Error 410de18f

Michael Brown mcb30 at ipxe.org
Sun Aug 2 16:17:03 UTC 2015

On 02/08/15 14:26, Michael Brown wrote:
> - iPXE does not include the (optional) signature_algorithms extension in
> the ClientHello.  This is now fixed in commit
> http://git.ipxe.org/ipxe.git/commitdiff/fc7885e
> - iPXE does not support the use of the SHA-512 family (including
> SHA-384) for TLS
> We do now have support for the SHA-512 family of digest algorithms in
> iPXE, since they were added to support PeerDist (BranchCache) content
> encoding.  There's a thread a few months ago where the option of
> supporting these for TLS was discussed:
>    http://lists.ipxe.org/pipermail/ipxe-devel/2015-May/004228.html

I have pushed support for SHA-224, SHA-384 and SHA-512 in TLS:


The default is to include support for these algorithms, which adds 
around 1.5kB to the binary size.  To reduce this size impact, individual 
algorithms can be disabled via config/crypto.h.

iPXE does now successfully download from https://economics.indiana.edu/boot


More information about the ipxe-devel mailing list