Mercurial > hg > icedtea11

diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
@@ -515,50 +515,19 @@
                 }
             } else {        // default groups
                 NamedGroup[] groups;
-                if (requireFips) {
-                    groups = new NamedGroup[] {
-                        // only NIST curves in FIPS mode
-                        NamedGroup.SECP256_R1,
-                        NamedGroup.SECP384_R1,
-                        NamedGroup.SECP521_R1,
-                        NamedGroup.SECT283_K1,
-                        NamedGroup.SECT283_R1,
-                        NamedGroup.SECT409_K1,
-                        NamedGroup.SECT409_R1,
-                        NamedGroup.SECT571_K1,
-                        NamedGroup.SECT571_R1,
+	    groups = new NamedGroup[] {
+		// only NIST curves in FIPS mode
+		NamedGroup.SECP256_R1,
+		NamedGroup.SECP384_R1,
+		NamedGroup.SECP521_R1,

-                        // FFDHE 2048
-                        NamedGroup.FFDHE_2048,
-                        NamedGroup.FFDHE_3072,
-                        NamedGroup.FFDHE_4096,
-                        NamedGroup.FFDHE_6144,
-                        NamedGroup.FFDHE_8192,
-                    };
-                } else {
-                    groups = new NamedGroup[] {
-                        // NIST curves first
-                        NamedGroup.SECP256_R1,
-                        NamedGroup.SECP384_R1,
-                        NamedGroup.SECP521_R1,
-                        NamedGroup.SECT283_K1,
-                        NamedGroup.SECT283_R1,
-                        NamedGroup.SECT409_K1,
-                        NamedGroup.SECT409_R1,
-                        NamedGroup.SECT571_K1,
-                        NamedGroup.SECT571_R1,
-
-                        // non-NIST curves
-                        NamedGroup.SECP256_K1,
-
-                        // FFDHE 2048
-                        NamedGroup.FFDHE_2048,
-                        NamedGroup.FFDHE_3072,
-                        NamedGroup.FFDHE_4096,
-                        NamedGroup.FFDHE_6144,
-                        NamedGroup.FFDHE_8192,
-                    };
-                }
+		// FFDHE 2048
+		NamedGroup.FFDHE_2048,
+		NamedGroup.FFDHE_3072,
+		NamedGroup.FFDHE_4096,
+		NamedGroup.FFDHE_6144,
+		NamedGroup.FFDHE_8192,
+	    };

                 groupList = new ArrayList<>(groups.length);
                 for (NamedGroup group : groups) {
author	Andrew John Hughes <gnu_andrew@member.fsf.org>
date	Fri, 11 Jan 2019 03:32:22 +0000
parents	04327567ef0a
children