diff options
Diffstat (limited to 'lib/priority.c')
-rw-r--r-- | lib/priority.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/priority.c b/lib/priority.c index 25f7ebab37..fef7d5f9ba 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -105,6 +105,22 @@ static void _clear_given_priorities(priority_st * st, const int *list) } } +static const int _supported_groups_dh[] = { + GNUTLS_GROUP_FFDHE2048, + GNUTLS_GROUP_FFDHE3072, + GNUTLS_GROUP_FFDHE4096, + GNUTLS_GROUP_FFDHE8192, + 0 +}; + +static const int _supported_groups_ecdh[] = { + GNUTLS_GROUP_SECP256R1, + GNUTLS_GROUP_SECP384R1, + GNUTLS_GROUP_SECP521R1, + GNUTLS_GROUP_X25519, /* draft-ietf-tls-rfc4492bis */ + 0 +}; + static const int _supported_groups_normal[] = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, @@ -1585,6 +1601,18 @@ gnutls_priority_init(gnutls_priority_t * priority_cache, bulk_fn(&(*priority_cache)-> _supported_ecc, supported_groups_normal); + } else if (strncasecmp + (&broken_list[i][1], "GROUP-DH-ALL", + 12) == 0) { + bulk_given_fn(&(*priority_cache)-> + _supported_ecc, + _supported_groups_dh); + } else if (strncasecmp + (&broken_list[i][1], "GROUP-EC-ALL", + 12) == 0) { + bulk_given_fn(&(*priority_cache)-> + _supported_ecc, + _supported_groups_ecdh); } else { if ((algo = gnutls_group_get_id |