Google Git
Sign in
boringssl/boringssl.git/2d38b8397620c1490a2c9fad47a04c4e12592789^!/.
commit
2d38b8397620c1490a2c9fad47a04c4e12592789
[log]
author
Adam Langley <alangley@gmail.com>
Tue Jan 29 07:36:54 2019 -0800
committer
Adam Langley <agl@google.com>
Wed Feb 06 00:33:29 2019 +0000
tree
908d5409e411f8abf346c75b819424b37aefb9a2
parent
fcc1ad78f90181a234a03a340596d80d25e2da6c [diff]
Remove separate default group list for servers.

It's the same as for clients, and we're probably not going to change
that any time soon.

Change-Id: Ic48cb640e98b0957d264267b97b5393f1977c6e6
Reviewed-on: https://boringssl-review.googlesource.com/c/34665
Reviewed-by: David Benjamin <davidben@google.com>

diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 36ba114..3a08fe6 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc

@@ -292,23 +292,10 @@
     SSL_CURVE_SECP384R1,
 };
 
-// TLS 1.3 servers will pick CECPQ2 if offered by a client, but it's not enabled
-// by default for clients.
-static const uint16_t kDefaultGroupsServer[] = {
-    // CECPQ2 is not yet enabled by default.
-    // SSL_CURVE_CECPQ2,
-    SSL_CURVE_X25519,
-    SSL_CURVE_SECP256R1,
-    SSL_CURVE_SECP384R1,
-};
-
 Span<const uint16_t> tls1_get_grouplist(const SSL_HANDSHAKE *hs) {
   if (!hs->config->supported_group_list.empty()) {
     return hs->config->supported_group_list;
   }
-  if (hs->ssl->server) {
-    return Span<const uint16_t>(kDefaultGroupsServer);
-  }
   return Span<const uint16_t>(kDefaultGroups);
 }