mmatuska/mfsbsd

The switch to https broke netboot.xyz


Netboot.xyz uses mfsbsd to install FreeBSD over the network: https://github.com/antonym/netboot.xyz/blob/master/src/freebsd.ipxe

Unfortunately, trying to install FreeBSD via booting from https://boot.netboot.xyz fails now, with a "permission denied" error:


I have debugged this to the key exchange algorithm mismatch between what is supported by iPXE and what is offered by https://mfsbsd.vx.sk/. Namely, iPXE only supports RSA-based key exchange, while your site offers ECDHE-based stuff. Please support one of the following key exchange methods:

Cipher Suites (4 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

This is still an issue today.
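
An added example, not part of the original issue or of either project's code: it parses the cipher suite listing from the issue above, shows that it has nothing in common with an ECDHE-only server list, and gives a server operator a `probe()` helper to check whether a host accepts any of those suites. The ECDHE-only server list is constructed for illustration (it is not the site's real configuration), and all function names are assumptions.

```python
import re
import socket
import ssl

# Cipher suite listing copied from the issue text.
IPXE_SUITES = """\
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
"""
# Constructed ECDHE-only server list (illustrative, not the site's real config):
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
ECDHE_ONLY_SERVER = {0xC02F, 0xC030}

SUITE_RE = re.compile(r"Cipher Suite:\s+(TLS_\w+)\s+\(0x([0-9a-fA-F]{4})\)")
RSA_CBC_RE = re.compile(r"TLS_RSA_WITH_AES_(128|256)_CBC_(SHA256|SHA)")

def parse_suites(listing):
    """Return [(iana_name, code)] in the order the client offers them."""
    return [(m.group(1), int(m.group(2), 16)) for m in SUITE_RE.finditer(listing)]

def first_common(listing, server_codes):
    """Name of the first offered suite the server also enables, else None."""
    return next((n for n, c in parse_suites(listing) if c in server_codes), None)

def cipher_string(listing):
    """Build the OpenSSL cipher string equivalent to the offered suites."""
    names = []
    for iana, _ in parse_suites(listing):
        m = RSA_CBC_RE.fullmatch(iana)
        if m is None:
            raise ValueError("no OpenSSL mapping for " + iana)
        names.append("AES%s-%s" % m.groups())
    return ":".join(names)

def probe(host, port=443, timeout=5.0):
    """Handshake offering only these suites; negotiated name, or None if refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not limit TLS 1.3
    ctx.set_ciphers(cipher_string(IPXE_SUITES))
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLCertVerificationError:
        raise  # certificate problem, unrelated to suite selection
    except ssl.SSLError:
        return None  # handshake refused, e.g. no suite in common
```

All four suites use static RSA key exchange, which provides no forward secrecy, so enabling one on a server is a compatibility trade-off.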