author | Jack Lloyd <[email protected]> | 2018-06-15 11:03:26 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-06-15 11:34:23 -0400 |
commit | ca62786442635d3f35bff22d22c3dc5521a5c432 (patch) | |
tree | 4d33c63c017e9f8ac052d04d61d849b0a36292ae /src/tests | |
parent | ae9b7e89cf9b550e25f8eefa64d0b2733ff6f82e (diff) |
TLS would try to negotiate x25519 even if disabled
Also reorder ECC groups to actually match performance
characteristics. I'm not sure when P-384 was slower than P-521
but it certainly isn't anymore.
Fixes #1607
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/data/tls-policy/datagram.txt | 2 | ||||
-rw-r--r-- | src/tests/data/tls-policy/default.txt | 2 | ||||
-rw-r--r-- | src/tests/data/tls-policy/strict.txt | 2 | ||||
-rw-r--r-- | src/tests/test_tls.cpp | 8 |
4 files changed, 10 insertions, 4 deletions
diff --git a/src/tests/data/tls-policy/datagram.txt b/src/tests/data/tls-policy/datagram.txt
index d6071a906..9006c6e87 100644
--- a/src/tests/data/tls-policy/datagram.txt
+++ b/src/tests/data/tls-policy/datagram.txt
@@ -8,7 +8,7 @@ macs = AEAD
 signature_hashes = SHA-512 SHA-384 SHA-256
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH DH
-key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
+key_exchange_groups = x25519 secp256r1 brainpool256r1 secp384r1 brainpool384r1 secp521r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
diff --git a/src/tests/data/tls-policy/default.txt b/src/tests/data/tls-policy/default.txt
index 0cf3dbbf8..5ed7890c6 100644
--- a/src/tests/data/tls-policy/default.txt
+++ b/src/tests/data/tls-policy/default.txt
@@ -8,7 +8,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH DH
-key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
+key_exchange_groups = x25519 secp256r1 brainpool256r1 secp384r1 brainpool384r1 secp521r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
diff --git a/src/tests/data/tls-policy/strict.txt b/src/tests/data/tls-policy/strict.txt
index 7cb55bb83..a79f175f5 100644
--- a/src/tests/data/tls-policy/strict.txt
+++ b/src/tests/data/tls-policy/strict.txt
@@ -8,7 +8,7 @@ macs = AEAD
 signature_hashes = SHA-512 SHA-384
 signature_methods = ECDSA RSA
 key_exchange_methods = CECPQ1 ECDH
-key_exchange_groups = x25519 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
+key_exchange_groups = x25519 secp256r1 brainpool256r1 secp384r1 brainpool384r1 secp521r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
diff --git a/src/tests/test_tls.cpp b/src/tests/test_tls.cpp
index b43a39066..1f44d76a5 100644
--- a/src/tests/test_tls.cpp
+++ b/src/tests/test_tls.cpp
@@ -281,7 +281,13 @@ class Test_TLS_Policy_Text : public Test
 for(std::string policy : policies)
 {
 const std::string from_policy_obj = tls_policy_string(policy);
- const std::string from_file = read_tls_policy(policy);
+ std::string from_file = read_tls_policy(policy);
+
+#if !defined(BOTAN_HAS_CURVE_25519)
+ auto pos = from_file.find("x25519 ");
+ if(pos != std::string::npos)
+ from_file = from_file.replace(pos, 7, "");
+#endif
 result.test_eq("Values for TLS " + policy + " policy", from_file, from_policy_obj);
 }
|
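Review bot: The x25519 removal under `#if !defined(BOTAN_HAS_CURVE_25519)` depends on the literal `"x25519 "` (with its trailing space) and a hand-counted length of 7, so an expected-policy file that lists x25519 last on its line would be left unadjusted and the cause would only show up as a failed text comparison. Naming the token once keeps the two in step: `const std::string x25519_token = "x25519 ";` followed by `from_file.erase(pos, x25519_token.size());` — `replace` already edits the string in place, so assigning its result back to `from_file` is redundant. A short comment such as `// fixture lists x25519; drop it when the build lacks Curve25519 so it matches the policy object` would record why the expected text is edited at test time. This hunk compares only the text form of the policy; a handshake-level check that a build or policy without x25519 never offers the group is not visible here, and the loop and its enclosing method begin and end outside the hunk.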