kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove separate default group list for servers.

Browse Source 
It's the same as for clients, and we're probably not going to change
that any time soon.

Change-Id: Ic48cb640e98b0957d264267b97b5393f1977c6e6
Reviewed-on: https://boringssl-review.googlesource.com/c/34665
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Adam Langley 2019-01-29 07:36:54 -08:00 committed by Adam Langley
parent fcc1ad78f9
commit 2d38b83976
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ssl/t1_lib.cc
View File

@ -292,23 +292,10 @@ static const uint16_t kDefaultGroups[] = {
SSL_CURVE_SECP384R1, SSL_CURVE_SECP384R1,
}; };
// TLS 1.3 servers will pick CECPQ2 if offered by a client, but it's not enabled
// by default for clients.
static const uint16_t kDefaultGroupsServer[] = {
// CECPQ2 is not yet enabled by default.
// SSL_CURVE_CECPQ2,
SSL_CURVE_X25519,
SSL_CURVE_SECP256R1,
SSL_CURVE_SECP384R1,
};
Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) { Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
if (!hs->config->supported_group_list.empty()) { if (!hs->config->supported_group_list.empty()) {
return hs->config->supported_group_list; return hs->config->supported_group_list;
} }
if (hs->ssl->server) {
return Span<const uint16_t>(kDefaultGroupsServer);
}
return Span<const uint16_t>(kDefaultGroups); return Span<const uint16_t>(kDefaultGroups);
} }