lib/tlsutil: Remove hardcoded curve preferences (fixes #5940) (#5942)

They are arguable outdated and we are better off trusting the standard library than trying to keep up with it ourselves.
2024-11-08 22:31:04 +00:00 · 2019-08-11 19:01:57 +02:00 · 2019-08-11 19:01:57 +02:00 · 720a6bf62e
commit 720a6bf62e
parent 4a619e74f2
1 changed files with 0 additions and 4 deletions
--- a/lib/tlsutil/tlsutil.go
+++ b/lib/tlsutil/tlsutil.go
@ -86,10 +86,6 @@ func SecureDefault() *tls.Config {
 	return &tls.Config{
 		// TLS 1.2 is the minimum we accept
 		MinVersion: tls.VersionTLS12,
-		// We want the longer curves at the front, because that's more
-		// secure (so the web tells me, don't ask me to explain the
-		// details).
-		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		// The cipher suite lists built above. These are ignored in TLS 1.3.
 		CipherSuites: cs,
 		// We've put some thought into this choice and would like it to