Hi,

> However, I do have concern for crypto package to enable ECC *unconditionally*.
> I am not convinced that "EC is hard requirement for EDKII" just because "EC
> is a hard requirement for TLS 1.3". My reason below:
> A) TLS1.3 is only for DXE, but enabling ECC unconditionally may impact
> PEI/DXE. (Unless size of PEI/SMM is unchanged).

Well, the PcdEcEnabled switch we have in the tree right now enables or disables EC for everybody, it doesn't support enabling EC for DXE only. If we want to change that we'll need two different *.inf files I guess, one for openssl with ec and one for openssl without ec.

I'll check the effect on image sizes.

> C) TLS1.3 is not a mandatory requirement. TLS1.2 can still be used.

Yes, today this isn't much of a problem. But I expect that will change in the future as browsers fade out support for older TLS versions to improve security. Recent Firefox versions have TLS 1.0 and 1.1 disabled by default. So while this isn't urgent it is still something we should consider and keep on our radar.

take care,
  Gerd

View/Reply Online (#89528): https://edk2.groups.io/g/devel/message/89528