-rw-r--r--doc/manual/tls.rst5
-rw-r--r--src/lib/tls/tls_policy.cpp10
2 files changed, 9 insertions, 6 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 973b8ff0f..8508b0a70 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -607,9 +607,10 @@ policy settings from a file.
.. cpp:function:: std::vector<std::string> allowed_ecc_curves() const
Return a list of ECC curves we are willing to use, in order of preference.
+ The default ordering puts the best performing ECC first.
- Default: "brainpool512r1", "secp521r1", "brainpool384r1",
- "secp384r1", "brainpool256r1", "secp256r1", "x25519"
+ Default: "x25519", "secp256r1", "secp521r1", "secp384r1",
+ "brainpool256r1", "brainpool384r1", "brainpool512r1"
No other values are currently defined.
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 1bb0951bb..49a8ad1fc 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -95,14 +95,16 @@ bool Policy::allowed_signature_method(const std::string& sig_method) const
std::vector<std::string> Policy::allowed_ecc_curves() const
{
+ // Default list is ordered by performance
+
return {
- "brainpool512r1",
+ "x25519",
+ "secp256r1",
"secp521r1",
- "brainpool384r1",
"secp384r1",
"brainpool256r1",
- "secp256r1",
- "x25519",
+ "brainpool384r1",
+ "brainpool512r1",
};
}
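Review bot: The added comment `// Default list is ordered by performance` does not mention that this list is also the preference order (the manual describes it as "in order of preference"), so the default now favours the 256-bit curves x25519 and secp256r1 over secp384r1 and secp521r1. I would state the trade-off where a maintainer will see it, e.g. `// Order is the preference order: fastest first, not strongest first.` followed by `// Override allowed_ecc_curves() if a deployment requires a minimum curve size.` Separately, secp521r1 is still listed ahead of secp384r1, which looks inconsistent with a pure performance ordering unless P-521 is measurably faster in this implementation; that is worth confirming or explaining in the comment. How the list is consumed during negotiation is outside this hunk, so the selection behaviour is inferred from the documentation text.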