aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-11-19 05:36:11 -0500
committerJack Lloyd <[email protected]>2016-11-19 05:36:11 -0500
commit137a08ff71778ebb6e6eeb1b4aaeea9ab659f5f6 (patch)
treed7cebe175383e06d1f1b875d2ce4c4071b012f90 /doc
parent9a4a639fa3586a5ec10444d0fc26049bd9c3b707 (diff)
Order default TLS ECC curve preferences by performance
Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
Diffstat (limited to 'doc')
-rw-r--r--doc/manual/tls.rst5
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 973b8ff0f..8508b0a70 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -607,9 +607,10 @@ policy settings from a file.
.. cpp:function:: std::vector<std::string> allowed_ecc_curves() const
Return a list of ECC curves we are willing to use, in order of preference.
+ The default ordering puts the best performing ECC first.
- Default: "brainpool512r1", "secp521r1", "brainpool384r1",
- "secp384r1", "brainpool256r1", "secp256r1", "x25519"
+ Default: "x25519", "secp256r1", "secp521r1", "secp384r1",
+ "brainpool256r1", "brainpool384r1", "brainpool512r1"
No other values are currently defined.