From 4b1fddcfcfcd87efa5f97fecb8669766433d3318 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Thu, 1 Jul 2021 17:09:05 +0200
Subject: [PATCH] MINOR: quic: Prefer x25519 as ECDH preferred parametes.

This make at least our listeners answer to ngtcp2 clients without HelloRetryRequest message. It seems the server choses the first group in the group list ordered by preference and set by SSL_CTX_set1_curves_list() which match the client ones.
---
 src/xprt_quic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a3013fdd9..783772a9b 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -942,7 +942,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
 "TLS_CHACHA20_POLY1305_SHA256:"
 "TLS_AES_128_CCM_SHA256";
 #endif
- const char *groups = "P-256:X25519:P-384:P-521";
+ const char *groups = "X25519:P-256:P-384:P-521";
 long options =
 (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
 SSL_OP_SINGLE_ECDH_USE |
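Review bot: The reordered `groups` string carries no comment explaining why X25519 now comes first, so the ordering reads as arbitrary and a later cleanup could change it back. I would add above the declaration `/* X25519 first so that ngtcp2 clients are answered without a HelloRetryRequest */`. The accepted set of groups is unchanged, only the preference order, so this is a handshake-latency choice rather than a change in which key exchanges the listener accepts. The list remains hard-coded; whether a bind-line curves setting can override it is not visible here, as ssl_quic_initial_ctx() starts and ends outside the hunk.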