Reviewed-By: Wu Jiaxin <jiaxin...@intel.com> Best Regards! Jiaxin
> -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Thomas Palmer > Sent: Tuesday, June 7, 2016 10:47 AM > To: edk2-devel@lists.01.org > Cc: Wu, Jiaxin <jiaxin...@intel.com> > Subject: [edk2] [PATCH] [edk2-staging/HTTPS-TLS][PATCH]: CryptoPkg/TlsLib: > Remove NULL cipher > > The term "NULL" refers to NULL-MD5, NULL-SHA and NULL-SHA256 when > used to set the SSL cipher list. As both MD5 and SHA variants are explicitly > listed in our code, I surmise enabling all three by setting the cipher list > to just > NULL was not the intended behavior. > This patch will remove NULL as an option for the cipher list and allow NULL- > SHA256 instead. > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Thomas Palmer <thomas.pal...@hpe.com> > --- > CryptoPkg/Library/TlsLib/TlsLib.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c > b/CryptoPkg/Library/TlsLib/TlsLib.c > index 9f56b7a..b76dd20 100644 > --- a/CryptoPkg/Library/TlsLib/TlsLib.c > +++ b/CryptoPkg/Library/TlsLib/TlsLib.c > @@ -53,7 +53,6 @@ typedef struct { > // OpenSSL-used Cipher Suite name. > // > STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = { > - { 0x0000, "NULL" }, /// TLS_NULL_WITH_NULL_NULL > { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5 > { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA > { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5 > @@ -62,6 +61,7 @@ STATIC CONST TLS_CIPHER_PAIR > TlsCipherMappingTable[] = { > { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA > { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA > { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA > + { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256 > { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256 > { 0x003D, "AES256-SHA256" } /// TLS_RSA_WITH_AES_256_CBC_SHA256 > }; > -- > 1.9.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel