search

ssllabs / ssllabs-scan

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
https://www.ssllabs.com/projects/ssllabs-apis/
Apache License 2.0
1.7k stars 241 forks source link

Please support testing IPXE handshake #748

Open patrakov opened 5 years ago

patrakov commented 5 years ago

Please add IPXE to the list of clients whose handshakes are simulated. Attached is a zipped (because of GitHub file extension filter) PCAP of the Client Hello message sent by this client. ipxe-client-hello.pcap.zip

naumanshah03 commented 5 years ago

@patrakov Could you please share more details about IPXE and why adding its simulation to SSL Labs would be helpful

We will also look at whether it is needed by other users

patrakov commented 5 years ago

http://ipxe.org/

It supports HTTPS when downloading kernels and other boot images, and it is a strange client with a limited set of supported ciphersuites.

Why it would be helpful - don't know.

Well, right now installation of FreeBSD via netboot.xyz is broken, because of zero overlap of supported ciphers between the https server on mfsbsd.vx.sk and IPXE, but with a confusing "permission denied" error. And in the future "test the distribution mirror on ssl labs" would be a simple-enough instruction for troubleshooting this class of problems.