diff options
author | lloyd <[email protected]> | 2013-09-08 19:43:27 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-09-08 19:43:27 +0000 |
commit | e396ff94865ef360d602129432f7d3abf395c183 (patch) | |
tree | 15a2d2300fb6e42b504d8bd17d7bfaf54d50e116 /src/tls | |
parent | 6fba8f5d3f1da6360e585f1647924985cfd236ef (diff) |
Add Brainpool curves to TLS, and prefer them by default.
Remove 224-bit NIST curve from default parameter list.
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tls_extensions.cpp | 12 | ||||
-rw-r--r-- | src/tls/tls_policy.cpp | 3 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index f3c0fc000..1ae9f1749 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -307,6 +307,12 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id) return "secp384r1"; case 25: return "secp521r1"; + case 26: + return "brainpool256r1"; + case 27: + return "brainpool384r1"; + case 28: + return "brainpool512r1"; default: return ""; // something we don't know or support } @@ -336,6 +342,12 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) return 24; if(name == "secp521r1") return 25; + if(name == "brainpool256r1") + return 26; + if(name == "brainpool384r1") + return 27; + if(name == "brainpool512r1") + return 28; throw Invalid_Argument("name_to_curve_id unknown name " + name); } diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index 23d762825..289f228da 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -85,6 +85,9 @@ std::vector<std::string> Policy::allowed_signature_methods() const std::vector<std::string> Policy::allowed_ecc_curves() const { return std::vector<std::string>({ + "brainpool512r1", + "brainpool384r1", + "brainpool256r1", "secp521r1", "secp384r1", "secp256r1", |