[ipxe-devel] ECDHE_RSA cipher suites
LAU, ALOYSIUS
al070e at att.com
Mon Jul 30 06:53:52 UTC 2018
Hi Michael,
I'm working on the ECDHE_RSA addition and will response to this email thread once I have the code for review. Thank You for the information on the "NIST test vectors".
Regards,
Al Lau
-----Original Message-----
From: Michael Brown [mailto:mcb30 at ipxe.org]
Sent: Sunday, July 29, 2018 6:00 AM
To: LAU, ALOYSIUS; ipxe-devel at lists.ipxe.org
Subject: Re: [ipxe-devel] ECDHE_RSA cipher suites
On 28/07/18 05:04, LAU, ALOYSIUS wrote:
> In our environment, the servers are using the **ECDHE_RSA** cipher suites.
>
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
>
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>
> In the source code that was cloned from “git clone
> https://urldefense.proofpoint.com/v2/url?u=http-3A__git.ipxe.org_ipxe.git&d=DwIDaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=lfdv1grHZA2JTnBl-scNiA&m=q6YG88l02Brb1gLoVRCABkCLASRibBYVFdlW_OZz-Y4&s=cBPkeCyQXahUuFuLBzeD0th320cmGRsycD5SADHl51s&e=” on 26-Jul-2018, I did not see the ECDHE
> support.
>
> I plan to add the ECDHE support in iPXE and test it in our environment.
> Once I get it all tested, we will contribute the source code to the iPXE
> project. Would the iPXE’s gate keeper open to this proposal?
As long as it fits within the structure and style of the existing crypto
code then yes, that would be a welcome addition. Existing crypto code
is extremely small, easily separable, has no external dependencies, and
is covered by the published NIST test vectors for correctness.
Thanks,
Michael
More information about the ipxe-devel
mailing list