make ecp_x_coordinate_only = yes the default
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 6 Jul 2009 09:47:38 +0000 (11:47 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 6 Jul 2009 09:47:38 +0000 (11:47 +0200)
src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c

index 4c5d3f2..082aed9 100644 (file)
@@ -185,10 +185,12 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_
        }
        
        /*
-        * x_coordinate_only = TRUE applies errata for RFC 4753
+        * The default setting ecp_x_coordinate_only = TRUE
+        * applies the following errata for RFC 4753:
+        * http://www.rfc-editor.org/errata_search.php?eid=9
         */
        x_coordinate_only = lib->settings->get_bool(lib->settings,
-                                                       "libstrongswan.ecp_x_coordinate_only", FALSE);
+                                                       "libstrongswan.ecp_x_coordinate_only", TRUE);
        if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only))
        {
                goto error;