From 62a03ea81ab7a2fe8ff79275427f3353a75e3a4f Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Sun, 7 Feb 2016 05:10:18 -0500
Subject: Make SRP6 support optional in TLS

Remove SRP_SHA from the default policy, since normal applications do
not need it.

Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange
constructor, that's the default unique_ptr already.
---
 src/lib/tls/tls_policy.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/tls/tls_policy.cpp')

diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 096dffb4a..3100db50d 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -64,7 +64,7 @@ std::vector<std::string> Policy::allowed_macs() const
 std::vector<std::string> Policy::allowed_key_exchange_methods() const
    {
    return {
-      "SRP_SHA",
+      //"SRP_SHA",
       //"ECDHE_PSK",
       //"DHE_PSK",
       //"PSK",
@@ -80,7 +80,7 @@ std::vector<std::string> Policy::allowed_signature_methods() const
       "ECDSA",
       "RSA",
       "DSA",
-      //""
+      //"" (anon)
       };
    }
 
-- 
cgit v1.2.3