We currently leave the default groups enabled, which could be problematic on some systems, particularly for performance. When doing so, we should also ensure that we call SSL_SendAdditionalKeyShares so that we generate P-256 shares as well as 25519 shares. That will affect TLS 1.3 when that's enabled, and we could miss it (there is a theory that all the servers will have 25519, but that's not certain yet). Recommended groups and their order: 25519, P-256, P384, FFDHE2048, FFDHE3072.
Priority: -- → P2
Comment on attachment 8794709 [details] Bug 1304926 - Enable specific named groups, https://reviewboard.mozilla.org/r/81040/#review79758 LGTM once enough of bug 1304919 lands.
Attachment #8794709 - Flags: review?(dkeeler) → review+
Pushed by email@example.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/27e8b32dea3e Enable specific named groups, r=keeler
You need to log in before you can comment on or make changes to this bug.