[ipxe-devel] ECDHE_RSA cipher suites

LAU, ALOYSIUS al070e at att.com
Mon Jul 30 06:53:52 UTC 2018


Hi Michael,

I'm working on the ECDHE_RSA addition and will response to this email thread once I have the code for review.  Thank You for the information on the "NIST test vectors".

Regards,
Al Lau

-----Original Message-----
From: Michael Brown [mailto:mcb30 at ipxe.org] 
Sent: Sunday, July 29, 2018 6:00 AM
To: LAU, ALOYSIUS; ipxe-devel at lists.ipxe.org
Subject: Re: [ipxe-devel] ECDHE_RSA cipher suites

On 28/07/18 05:04, LAU, ALOYSIUS wrote:
> In our environment, the servers are using the **ECDHE_RSA** cipher suites.
> 
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> 
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> 
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> 
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
> 
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> 
> In the source code that was cloned from “git clone 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__git.ipxe.org_ipxe.git&d=DwIDaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=lfdv1grHZA2JTnBl-scNiA&m=q6YG88l02Brb1gLoVRCABkCLASRibBYVFdlW_OZz-Y4&s=cBPkeCyQXahUuFuLBzeD0th320cmGRsycD5SADHl51s&e=” on 26-Jul-2018, I did not see the ECDHE 
> support.
> 
> I plan to add the ECDHE support in iPXE and test it in our environment.  
> Once I get it all tested, we will contribute the source code to the iPXE 
> project.  Would the iPXE’s gate keeper open to this proposal?

As long as it fits within the structure and style of the existing crypto 
code then yes, that would be a welcome addition.  Existing crypto code 
is extremely small, easily separable, has no external dependencies, and 
is covered by the published NIST test vectors for correctness.

Thanks,

Michael


More information about the ipxe-devel mailing list