Closed ryru closed 3 years ago
Tobias and I agreed that this issue is meant for the config file configuration parameter only (not for the source code). And we agreed on the parameter `ke_group` (key exchange group) since `key_exchange` is already in use.
I wonder if it would be better to change `curve` to `group` or `dh_group` (not only here, but generally). Because at least in theory this also includes the classic DH groups e.g. modp2048 (called ffdhe2048 in the TLS 1.3 RFC), which is why the corresponding extension was renamed to "supported groups". Do other TLS clients actually support those other groups? Or only ECDH?

_Originally posted by @tobiasbrunner in https://github.com/ryru/strongswan/pull/19#discussion_r496544657_