diff options
| author | Jack Lloyd <[email protected]> | 2018-06-15 11:03:26 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-06-15 11:34:23 -0400 |
| commit | ca62786442635d3f35bff22d22c3dc5521a5c432 (patch) | |
| tree | 4d33c63c017e9f8ac052d04d61d849b0a36292ae /src/lib | |
| parent | ae9b7e89cf9b550e25f8eefa64d0b2733ff6f82e (diff) | |
TLS would try to negotiate x25519 even if disabled
Also reorder ECC groups to actually match performance
characteristics. I'm not sure when P-384 was slower than P-521
but it certainly isn't anymore.
Fixes #1607
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/tls/tls_policy.cpp | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 7fd7af235..5e8150e4f 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -161,12 +161,16 @@ std::vector<Group_Params> Policy::key_exchange_groups() const { // Default list is ordered by performance return { + +#if defined(BOTAN_HAS_CURVE_25519) Group_Params::X25519, +#endif + Group_Params::SECP256R1, - Group_Params::SECP521R1, - Group_Params::SECP384R1, Group_Params::BRAINPOOL256R1, + Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1, + Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1, Group_Params::FFDHE_2048, |