git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
MINOR: quic: Prefer x25519 as ECDH preferred parameters.
author Frédéric Lécaille <flecaille@haproxy.com>
Thu, 1 Jul 2021 15:09:05 +0000 (17:09 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Thu, 23 Sep 2021 13:27:25 +0000 (15:27 +0200)
This makes at least our listeners answer to ngtcp2 clients without
HelloRetryRequest message. It seems the server chooses the first
group in the group list ordered by preference and set by
SSL_CTX_set1_curves_list() which matches the client ones.

src/xprt_quic.c

index a3013fdd96656b7b246660a0c120b1f2a567c539..783772a9bb47bad50ffba97a5122276d4127f1ff 100644 (file)
@@ -942,7 +942,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
                "TLS_CHACHA20_POLY1305_SHA256:"
                "TLS_AES_128_CCM_SHA256";
 #endif
-       const char *groups = "P-256:X25519:P-384:P-521";
+       const char *groups = "X25519:P-256:P-384:P-521";
        long options =
                (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
                SSL_OP_SINGLE_ECDH_USE |
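
Review bot: The reordered `groups` string on the changed line has no comment explaining why X25519 now comes first, so the reason given in the commit message (answering ngtcp2 clients without a HelloRetryRequest) lives only in the commit log. A one-line comment above `const char *groups` stating that the list is in server preference order, and why X25519 leads it, would keep a later edit from silently reordering it back. The commit message says "it seems" about how the server picks the group, so citing the documented behaviour of SSL_CTX_set1_curves_list() in that comment would firm up the rationale. The call that consumes `groups` and any check on its return value are outside the lines shown here, so they are worth a look in the full function.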