Hi Laszlo,

Besides the compatibility consideration, we'd better *not* put CipherList and
CaCertificate into one variable. In the future, we prefer to manage the
CaCertificate together with other cert configuration items (e.g.
HostPublicCert, HostPrivateCert, etc.) rather than with parameters like
CipherList. You know we can't save the host cert pairs as variables due to
security considerations.

So, case by case, let's keep the current solution of defining the variable named
"HttpTlsCipherList".

Thanks,
Jiaxin


> -----Original Message-----
> From: Laszlo Ersek [mailto:ler...@redhat.com]
> Sent: Friday, February 9, 2018 6:12 PM
> To: Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>;
> edk2-devel@lists.01.org
> Cc: Kinney, Michael D <michael.d.kin...@intel.com>; Zimmer, Vincent
> <vincent.zim...@intel.com>; Yao, Jiewen <jiewen....@intel.com>; Ye,
> Ting <ting...@intel.com>
> Subject: Re: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> CipherList.
> 
> On 02/09/18 06:22, Fu, Siyuan wrote:
> > Hi, Jiaxin
> >
> > I think we can remove the "TlsCipherList.h" to another name like
> > "HttpTlsCipherListVariable.h" to highlight that the variable is only
> > used for HTTP configuration. And also the variable name and GUID
> > name.
> If we are renaming gEfiTlsCaCertificateGuid, can we pick a generic term
> as new name, something like "gHttpTlsVariableGuid"? And then put both
> variables, the CA List and the Cipher List, in that (same) namespace GUID?
> 
> It's not that we'll run out of GUIDs any time soon :) , but I think
> these variables belong closely together.
> 
> Thanks,
> Laszlo
> 
> >> -----Original Message-----
> >> From: Wu, Jiaxin
> >> Sent: Friday, February 9, 2018 12:00 PM
> >> To: edk2-devel@lists.01.org
> >> Cc: Laszlo Ersek <ler...@redhat.com>; Kinney, Michael D
> >> <michael.d.kin...@intel.com>; Zimmer, Vincent <vincent.zim...@intel.com>;
> >> Yao, Jiewen <jiewen....@intel.com>; Ye, Ting <ting...@intel.com>; Fu,
> >> Siyuan <siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>
> >> Subject: [Patch 0/2] NetworkPkg: Support the platform to configure TLS
> >> CipherList.
> >>
> >> Cc: Laszlo Ersek <ler...@redhat.com>
> >> Cc: Kinney Michael D <michael.d.kin...@intel.com>
> >> Cc: Zimmer Vincent <vincent.zim...@intel.com>
> >> Cc: Yao Jiewen <jiewen....@intel.com>
> >> Cc: Ye Ting <ting...@intel.com>
> >> Cc: Fu Siyuan <siyuan...@intel.com>
> >> Contributed-under: TianoCore Contribution Agreement 1.0
> >> Signed-off-by: Wu Jiaxin <jiaxin...@intel.com>
> >>
> >> Jiaxin Wu (2):
> >>   NetworkPkg: Define one private variable for TLS CipherList
> >>     configuration.
> >>   NetworkPkg: Read TlsCipherList variable and configure it for HTTPS
> >>     session.
> >>
> >>  NetworkPkg/HttpDxe/HttpDriver.h         |  3 +-
> >>  NetworkPkg/HttpDxe/HttpDxe.inf          |  3 +-
> >>  NetworkPkg/HttpDxe/HttpsSupport.c       | 92 ++++++++++++++++++++++++++++++++-
> >>  NetworkPkg/Include/Guid/TlsCipherList.h | 38 ++++++++++++++
> >>  NetworkPkg/NetworkPkg.dec               |  3 ++
> >>  5 files changed, 136 insertions(+), 3 deletions(-)
> >>  create mode 100644 NetworkPkg/Include/Guid/TlsCipherList.h
> >>
> >> --
> >> 1.9.5.msysgit.1
> >

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
