mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-01-19 00:51:37 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: Prefer x25519 as ECDH preferred parametes.

Browse Source 
This make at least our listeners answer to ngtcp2 clients without
HelloRetryRequest message. It seems the server choses the first
group in the group list ordered by preference and set by
SSL_CTX_set1_curves_list() which match the client ones.
This commit is contained in:
Frédéric Lécaille 2021-07-01 17:09:05 +02:00 committed by Amaury Denoyelle
parent c6bc185c18
commit 4b1fddcfcf
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/xprt_quic.c
View File

@ -942,7 +942,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
"TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_CCM_SHA256";
#endif
const char *groups = "P-256:X25519:P-384:P-521";
const char *groups = "X25519:P-256:P-384:P-521";
long options =
(SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
SSL_OP_SINGLE_ECDH_USE |