Hacker News new | ask | show | jobs
by naturalmovement 3 days ago
I can guarantee you with nearly 100% certainty that UEFI TLS clients are bound to be buggy garbage broken in not-insignificant ways.
2 comments
nijave 3 days ago
From the article, it's using OpenSSL in EDK II

In fact, a whole section of the article is dedicated to talking about how they got tripped up by OpenSSL security level 3 rejecting 2048 bit RSA key

link
bigfatkitten 3 days ago
The IP stack and HTTP clients are problematic enough without adding the enormous complexity of a TLS implementation on top.
link
naturalmovement 3 days ago
They have a hard enough time managing the relatively few certificates for secure boot.

You want me to believe all the various BIOS manufacturers are going to competently manage a WebPKI root certificate program?

link