[ipxe-devel] [ipxe/ipxe] [tls] Add support for fragmented tls handshake packets (#116)

Christopher Odenbach notifications at github.com
Thu Mar 17 11:02:29 UTC 2022


> We applied this patch to our code base and it seemed to work fine. However, in the meantime I arrived at the same conclusion as described in [#116 (comment)](https://github.com/ipxe/ipxe/pull/116#issuecomment-862709507), reverted the patch and instead switched to the shorter Let's Encrypt certification chain: `R3 -> ISRG Root X1` instead of `R3 -> ISRG Root X1 -> DST Root CA X3`. Our certificate chain is now only 2887 bytes long although we use 4096-bit RSA keys. It is probably worth pointing out that linking to `DST Root CA X3` is kind of pointless as this root certificate expired `Thu, 30 Sep 2021 14:01:15 UTC`.

This may be a solution for you or other users of Let's Encrypt, but many other people have other long certificate chains, so we need a general solution. I cannot understand why this patch does not get merged.
