aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
diff options
context:
space:
mode:
authorlloyd <[email protected]>2013-09-08 19:43:27 +0000
committerlloyd <[email protected]>2013-09-08 19:43:27 +0000
commite396ff94865ef360d602129432f7d3abf395c183 (patch)
tree15a2d2300fb6e42b504d8bd17d7bfaf54d50e116 /src/tls
parent6fba8f5d3f1da6360e585f1647924985cfd236ef (diff)
Add Brainpool curves to TLS, and prefer them by default.
Remove 224-bit NIST curve from default parameter list.
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tls_extensions.cpp12
-rw-r--r--src/tls/tls_policy.cpp3
2 files changed, 15 insertions, 0 deletions
diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp
index f3c0fc000..1ae9f1749 100644
--- a/src/tls/tls_extensions.cpp
+++ b/src/tls/tls_extensions.cpp
@@ -307,6 +307,12 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id)
return "secp384r1";
case 25:
return "secp521r1";
+ case 26:
+ return "brainpool256r1";
+ case 27:
+ return "brainpool384r1";
+ case 28:
+ return "brainpool512r1";
default:
return ""; // something we don't know or support
}
@@ -336,6 +342,12 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name)
return 24;
if(name == "secp521r1")
return 25;
+ if(name == "brainpool256r1")
+ return 26;
+ if(name == "brainpool384r1")
+ return 27;
+ if(name == "brainpool512r1")
+ return 28;
throw Invalid_Argument("name_to_curve_id unknown name " + name);
}
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 23d762825..289f228da 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -85,6 +85,9 @@ std::vector<std::string> Policy::allowed_signature_methods() const
std::vector<std::string> Policy::allowed_ecc_curves() const
{
return std::vector<std::string>({
+ "brainpool512r1",
+ "brainpool384r1",
+ "brainpool256r1",
"secp521r1",
"secp384r1",
"secp256r1",