MINOR: quic: Prefer x25519 as ECDH preferred parametes. This make at least our listeners answer to ngtcp2 clients without HelloRetryRequest message. It seems the server choses the first group in the group list ordered by preference and set by SSL_CTX_set1_curves_list() which match the client ones.

commit: 4b1fddcfcfcd87efa5f97fecb8669766433d3318 [log] [tgz]
author: Frédéric Lécaille <flecaille@haproxy.com> Thu Jul 01 17:09:05 2021 +0200
committer: Amaury Denoyelle <adenoyelle@haproxy.com> Thu Sep 23 15:27:25 2021 +0200
tree: 749657efc4a4ace0a0a6f8885aae1c0ad9241f77
parent: c6bc185c185e366e57beed99ddfe609f7b5507b6 [diff] [blame]
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index a3013fd..783772a 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c

@@ -942,7 +942,7 @@
 		"TLS_CHACHA20_POLY1305_SHA256:"
 		"TLS_AES_128_CCM_SHA256";
 #endif
-	const char *groups = "P-256:X25519:P-384:P-521";
+	const char *groups = "X25519:P-256:P-384:P-521";
 	long options =
 		(SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
 		SSL_OP_SINGLE_ECDH_USE |
commit	4b1fddcfcfcd87efa5f97fecb8669766433d3318	[log] [tgz]
author	Frédéric Lécaille <flecaille@haproxy.com>	Thu Jul 01 17:09:05 2021 +0200
committer	Amaury Denoyelle <adenoyelle@haproxy.com>	Thu Sep 23 15:27:25 2021 +0200
tree	749657efc4a4ace0a0a6f8885aae1c0ad9241f77
parent	c6bc185c185e366e57beed99ddfe609f7b5507b6 [diff] [blame]