-rw-r--r-- | doc/manual/tls.rst | 5 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 10 |
2 files changed, 9 insertions, 6 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 973b8ff0f..8508b0a70 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -607,9 +607,10 @@ policy settings from a file.
 .. cpp:function:: std::vector<std::string> allowed_ecc_curves() const
 Return a list of ECC curves we are willing to use, in order of preference.
+ The default ordering puts the best performing ECC first.
- Default: "brainpool512r1", "secp521r1", "brainpool384r1",
- "secp384r1", "brainpool256r1", "secp256r1", "x25519"
+ Default: "x25519", "secp256r1", "secp521r1", "secp384r1",
+ "brainpool256r1", "brainpool384r1", "brainpool512r1"
 No other values are currently defined.
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 1bb0951bb..49a8ad1fc 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -95,14 +95,16 @@ bool Policy::allowed_signature_method(const std::string& sig_method) const
 std::vector<std::string> Policy::allowed_ecc_curves() const
 {
+ // Default list is ordered by performance
+
 return {
- "brainpool512r1",
+ "x25519",
+ "secp256r1",
 "secp521r1",
- "brainpool384r1",
 "secp384r1",
 "brainpool256r1",
- "secp256r1",
- "x25519",
+ "brainpool384r1",
+ "brainpool512r1",
 };
 }
|
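Review bot: The new comment `// Default list is ordered by performance` in Policy::allowed_ecc_curves names the criterion but not its security consequence: the default now ranks the ~128-bit-security curves (x25519, secp256r1) ahead of secp521r1 and secp384r1, so whenever this side's preference decides the negotiation, a peer that supports every curve in the list ends up on the lowest security level offered rather than the highest. That is a reasonable default, but it is a deliberate trade-off and the one thing an integrator deploying this policy needs to know, so the comment should say so explicitly. I would replace it with `// Default list is ordered by performance, not by security level: the ~128-bit curves (x25519, secp256r1) come first; deployments that need a larger minimum curve size must override allowed_ecc_curves() in their Policy.` The documentation hunk for tls.rst ("puts the best performing ECC first") would benefit from the same one-sentence caveat, since readers of the manual are the ones choosing whether to override the default.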