author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-16 15:35:33 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-16 15:35:38 +0200 |
commit | 5c805f54b06e86df5ebbd06ec687111697ee4576 (patch) | |
tree | 8d64a6e8efb67111dce0f87eaeb4c88bc4b7441a | |
parent | 8e32440919dbf84c67ea779009ef76b25787d465 (diff) | |
download | gnutls-5c805f54b06e86df5ebbd06ec687111697ee4576.tar.gz |
priority: document the reasons for the order of supported groups [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/priority.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/priority.c b/lib/priority.c index 89aabef7d8..065728fa0b 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -127,6 +127,11 @@ static const int _supported_groups_normal[] = { GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1, GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */ + + /* These should stay last as our default behavior + * is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2) + * and we wouldn't want to have these sent by all clients + * by default as they are quite expensive CPU-wise. */ GNUTLS_GROUP_FFDHE2048, GNUTLS_GROUP_FFDHE3072, GNUTLS_GROUP_FFDHE4096, |
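Review bot: The new comment in `_supported_groups_normal[]` is ambiguous in two places. "These" has no named referent, and "two top types" can be read either as the first two entries of the array or as the first two kinds of group (the SECP curves, X25519, FFDHE). Name the entries and state which reading `GNUTLS_KEY_SHARE_TOP2` implements, for example "The FFDHE groups must stay last: by default key shares are sent for the two top types (GNUTLS_KEY_SHARE_TOP2) ...", followed by a short definition of what counts as a type. The ordering rule is enforced only by this comment, so it is also worth saying what breaks if an entry is moved: default clients would start sending FFDHE key shares and pay the CPU cost the comment mentions. Minor style point: the added blank line before the comment splits the initializer list visually; keep it only if the file already separates group families that way.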