Remove separate default group list for servers.

It's the same as for clients, and we're probably not going to change
that any time soon.

Change-Id: Ic48cb640e98b0957d264267b97b5393f1977c6e6
Reviewed-on: https://boringssl-review.googlesource.com/c/34665
Reviewed-by: David Benjamin <davidben@google.com>
Adam Langley 2019-01-29 07:36:54 -08:00 committed by Adam Langley
parent fcc1ad78f9
commit 2d38b83976


@ -292,23 +292,10 @@ static const uint16_t kDefaultGroups[] = {
SSL_CURVE_SECP384R1, SSL_CURVE_SECP384R1,
}; };
// TLS 1.3 servers will pick CECPQ2 if offered by a client, but it's not enabled
// by default for clients.
static const uint16_t kDefaultGroupsServer[] = {
// CECPQ2 is not yet enabled by default.
// SSL_CURVE_CECPQ2,
SSL_CURVE_X25519,
SSL_CURVE_SECP256R1,
SSL_CURVE_SECP384R1,
};
Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) { Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
if (!hs->config->supported_group_list.empty()) { if (!hs->config->supported_group_list.empty()) {
return hs->config->supported_group_list; return hs->config->supported_group_list;
} }
if (hs->ssl->server) {
return Span<const uint16_t>(kDefaultGroupsServer);
}
return Span<const uint16_t>(kDefaultGroups); return Span<const uint16_t>(kDefaultGroups);
} }