mirror of
https://github.com/ipxe/ipxe
synced 2026-06-29 00:07:28 +03:00
Michael Brown
bbb6477be3
We do not currently perform any validation on the DHE field prime or generator. RFC 7919 defines a family of known-safe finite fields, and TLS version 1.3 completely removes the ability to provide an explicit field prime and generator. Verify that the field prime and generator correspond to one of the explicitly configured groups. This may break connections to the (now very rare) TLS servers that use custom FFDHE groups and that choose to use DHE rather than ECDHE (or that do not support ECDHE). We already advertise ECDHE cipher suites as preferred over DHE cipher suites, and advertise all ECDHE groups as preferred over all FFDHE groups. It is therefore very unlikely that this change will cause any issues in practice. Signed-off-by: Michael Brown <mcb30@ipxe.org>
iPXE network bootloader
iPXE is the leading open source network boot firmware. It provides a full PXE implementation enhanced with additional features such as:
-
boot from a web server via HTTP or HTTPS,
-
boot from an iSCSI, FCoE, or AoE SAN,
-
control the boot process with a script,
You can use iPXE to replace the existing PXE ROM on your network card, or you can chainload into iPXE to obtain the features of iPXE without the hassle of reflashing.
iPXE is free, open-source software licensed under the GNU GPL (with some portions under GPL-compatible licences).
You can download the rolling release binaries (built from the latest commit), or use the most recent stable release.
For full documentation, visit the iPXE website.