>From what you describe, it sounds like they should not have an issue >negotiating TLS version and cipher.
Do you have the appropriate certificate installed in UEFI for the target TLS server? Either we need the 3rd part CA that signed the web server certificate, or you could install the self-signed certificate of the web server. Also, are you able to see the any DEBUG statements from TlsLib.c? Regards, Thomas Palmer "I have only made this letter longer because I have not had the time to make it shorter" - Blaise Pascal -----Original Message----- From: Santhapur Naveen [mailto:nave...@amiindia.co.in] Sent: Wednesday, September 21, 2016 8:09 AM To: Palmer, Thomas <thomas.pal...@hpe.com>; edk2-devel@lists.01.org Subject: RE: Issues with HTTPS Boot Hi Thomas, Regarding my previous mail, after TCP handshake, Client Says Hello to sever and the Server replies its Hello to the client with TLSv1. Client says hello with the following Cipher Suites: 1. TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) 2. TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) 3. TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) 4. TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) 5. TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) For the Client Hello, Server responds with its Hello and chooses TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) using TLSv1. The client sends an acknowledgement to the server and then immediately sends RST. After some debugging, it was found that it fails in TlsConnectSession(). Would you please provide your comments on this? Thanks, Naveen -----Original Message----- From: Palmer, Thomas [mailto:thomas.pal...@hpe.com] Sent: Tuesday, September 20, 2016 9:30 PM To: Santhapur Naveen; edk2-devel@lists.01.org Subject: RE: Issues with HTTPS Boot Naveen, I cannot see attachments on this email. What TLS versions and ciphers does your web server support? Depending on when you built the UEFI image, your server may need to have TLS v1.0 enabled and support one of the non-SHA256 ciphers listed at the top of TlsLib.c. Regards, Thomas Palmer "I have only made this letter longer because I have not had the time to make it shorter" - Blaise Pascal -----Original Message----- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Santhapur Naveen Sent: Tuesday, September 20, 2016 6:42 AM To: edk2-devel@lists.01.org Subject: [edk2] Issues with HTTPS Boot Hello All, Since the HTTPS Boot came into picture, I was very enthusiastic to try it. I configured the server as-is explained in the white paper https://github.com/tianocore/tianocore.github.io/wiki/EDK%20II%20White%20papers But when I try to go for an HTTPS boot, it stops after the TCP handshake. Attached is the Wireshark log. Please help me out and also let me know if any other details are needed. Thank you, Naveen _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
