authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-16 15:35:33 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-04-16 15:35:38 +0200
commit5c805f54b06e86df5ebbd06ec687111697ee4576 (patch)
tree8d64a6e8efb67111dce0f87eaeb4c88bc4b7441a
parent8e32440919dbf84c67ea779009ef76b25787d465 (diff)
downloadgnutls-5c805f54b06e86df5ebbd06ec687111697ee4576.tar.gz
priority: document the reasons for the order of supported groups [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/priority.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 89aabef7d8..065728fa0b 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -127,6 +127,11 @@ static const int _supported_groups_normal[] = {
GNUTLS_GROUP_SECP384R1,
GNUTLS_GROUP_SECP521R1,
GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */
+
+ /* These should stay last as our default behavior
+ * is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2)
+ * and we wouldn't want to have these sent by all clients
+ * by default as they are quite expensive CPU-wise. */
GNUTLS_GROUP_FFDHE2048,
GNUTLS_GROUP_FFDHE3072,
GNUTLS_GROUP_FFDHE4096,
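Review bot: The comment added above `GNUTLS_GROUP_FFDHE2048` records the ordering rule only for `_supported_groups_normal`, and nothing in this hunk enforces it, so a later reordering or a newly inserted group could move an FFDHE group into the top two without anyone noticing. If the file defines other default group lists (not visible here), the same constraint presumably applies and the comment should be repeated or referenced there. The wording could also be tightened to name the affected entries and the cost, for example `/* Keep the FFDHE groups last: by default key shares are sent for the two highest-priority groups (GNUTLS_KEY_SHARE_TOP2), and generating FFDHE shares is CPU-expensive. */`. The array initializer begins and ends outside this hunk, so the full order of the list cannot be checked from here.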