From 720a6bf62ed48b024ef38850457c3ab7ad8a33bb Mon Sep 17 00:00:00 2001
From: Jakob Borg
Date: Sun, 11 Aug 2019 19:01:57 +0200
Subject: [PATCH] lib/tlsutil: Remove hardcoded curve preferences (fixes #5940) (#5942)

They are arguable outdated and we are better off trusting the standard library than trying to keep up with it ourselves.
---
 lib/tlsutil/tlsutil.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/tlsutil/tlsutil.go b/lib/tlsutil/tlsutil.go
index 5439b8f0..6bb3a42f 100644
--- a/lib/tlsutil/tlsutil.go
+++ b/lib/tlsutil/tlsutil.go
@@ -86,10 +86,6 @@ func SecureDefault() *tls.Config {
 return &tls.Config{
 // TLS 1.2 is the minimum we accept
 MinVersion: tls.VersionTLS12,
- // We want the longer curves at the front, because that's more
- // secure (so the web tells me, don't ask me to explain the
- // details).
- CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 // The cipher suite lists built above. These are ignored in TLS 1.3.
 CipherSuites: cs,
 // We've put some thought into this choice and would like it to