add FFDHE2048 for testing

test-tls13-unrecognised-groups.py test-tls13-ffdhe-sanity.py
haskell-tls · Dec 16, 2024 · 25d5ec4 · 25d5ec4
1 parent b844715
commit 25d5ec4
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/tls/Network/TLS/Crypto/Types.hs b/tls/Network/TLS/Crypto/Types.hs
@@ -77,7 +77,18 @@ availableECGroups :: [Group]
 availableECGroups = [P256, P384, P521, X25519, X448]
 
 supportedNamedGroups :: [Group]
-supportedNamedGroups = [X25519, X448, P256, FFDHE3072, FFDHE4096, P384, FFDHE6144, FFDHE8192, P521]
+supportedNamedGroups =
+    [ X25519
+    , X448
+    , P256
+    , FFDHE2048
+    , FFDHE3072
+    , FFDHE4096
+    , P384
+    , FFDHE6144
+    , FFDHE8192
+    , P521
+    ]
 
 -- Key-exchange signature algorithm, in close relation to ciphers
 -- (before TLS 1.3).

diff --git a/tls/util/tls-server.hs b/tls/util/tls-server.hs
@@ -37,8 +37,7 @@ defaultOptions =
         { optDebugLog = False
         , optShow = False
         , optKeyLogFile = Nothing
-        , -- excluding FFDHE8192 for retry
-          optGroups = [X25519, X448, P256, P521]
+        , optGroups = supportedGroups defaultSupported
         , optCertFile = "servercert.pem"
         , optKeyFile = "serverkey.pem"
         }