From 6a71ada1c845e69f3341c7a853c2accf7fbc315b Mon Sep 17 00:00:00 2001
From: Davide De Rosa <keeshux@gmail.com>
Date: Thu, 23 Aug 2018 17:14:12 +0200
Subject: [PATCH] Drop support for redundant EC curves

---
 TunnelKit/Sources/Core/TLSBox.m | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/TunnelKit/Sources/Core/TLSBox.m b/TunnelKit/Sources/Core/TLSBox.m
index 3e93701..401f4f2 100644
--- a/TunnelKit/Sources/Core/TLSBox.m
+++ b/TunnelKit/Sources/Core/TLSBox.m
@@ -106,13 +106,11 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
 - (BOOL)startWithError:(NSError *__autoreleasing *)error
 {
     if (!TLSBoxIsOpenSSLLoaded) {
-//        OPENSSL_init_ssl(0, NULL);
-
         TLSBoxIsOpenSSLLoaded = YES;
     }
     
     self.ctx = SSL_CTX_new(TLS_client_method());
-    SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
+    SSL_CTX_set_options(self.ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION);
     if (self.caPath) {
         SSL_CTX_set_verify(self.ctx, SSL_VERIFY_PEER, TLSBoxVerifyPeer);
         if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) {
@@ -126,7 +124,6 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
     else {
         SSL_CTX_set_verify(self.ctx, SSL_VERIFY_NONE, NULL);
     }
-    SSL_CTX_set1_curves_list(self.ctx, "X25519:prime256v1:secp521r1:secp384r1:secp256k1");
 
     self.ssl = SSL_new(self.ctx);