[ipxe-devel] ECDHE_RSA cipher suites

Michael Brown mcb30 at ipxe.org
Sun Jul 29 13:00:25 UTC 2018


On 28/07/18 05:04, LAU, ALOYSIUS wrote:
> In our environment, the servers are using the **ECDHE_RSA** cipher suites.
> 
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> 
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> 
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> 
> In the source code that was cloned from “git clone 
> http://git.ipxe.org/ipxe.git” on 26-Jul-2018, I did not see the ECDHE 
> support.
> 
> I plan to add the ECDHE support in iPXE and test it in our environment.  
> Once I get it all tested, we will contribute the source code to the iPXE 
> project.  Would the iPXE’s gate keeper open to this proposal?

As long as it fits within the structure and style of the existing crypto 
code then yes, that would be a welcome addition.  Existing crypto code 
is extremely small, easily separable, has no external dependencies, and 
is covered by the published NIST test vectors for correctness.

Thanks,

Michael



More information about the ipxe-devel mailing list