[tls] Prefer X25519 as a key exchange mechanism
In TLS version 1.3, the expected flow is that the client offers at least one key share in the initial ClientHello, so that key exchange can take place as soon as the ServerHello is received (without requiring a HelloRetryRequest and a second round trip). We cannot viably offer key shares for all supported groups, since the FFDHE groups have large public key values. The most likely approach will be that we offer a single key share for our most preferred group. Experiments suggest that X25519 is currently the most widely supported key exchange group. Make this the most preferred group to maximise the chance that a (future) TLS version 1.3 handshake will avoid the extra round trip for a HelloRetryRequest. Signed-off-by: Michael Brown <mcb30@ipxe.org>
@@ -40,7 +40,7 @@ struct asn1_algorithm prime256v1_algorithm __asn1_algorithm = {
|
||||
};
|
||||
|
||||
/** P-256 named group */
|
||||
struct tls_named_group tls_secp256r1_named_group __tls_named_group ( 01 ) = {
|
||||
struct tls_named_group tls_secp256r1_named_group __tls_named_group ( 02 ) = {
|
||||
.exchange = &p256_algorithm,
|
||||
.code = htons ( TLS_NAMED_GROUP_SECP256R1 ),
|
||||
};
|
||||
|
||||
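Review bot: The bare order argument in `__tls_named_group ( 02 )` carries the whole preference decision, yet nothing at the declaration says what it ranks against; the doc comment could read `/** P-256 named group (order 02: ranked below X25519) */`. The same applies to the P-384 declaration in the next hunk, which ends up with the same order value, so the relative preference of the two NIST curves is presumably left to link order. If that tie is intended, a one-line comment saying so would help anyone auditing which groups are offered first. The rendered page has lost its +/- markers, so this assumes the `( 02 )` line is the new side, as the commit message implies.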
@@ -40,7 +40,7 @@ struct asn1_algorithm secp384r1_algorithm __asn1_algorithm = {
|
||||
};
|
||||
|
||||
/** P-384 named group */
|
||||
struct tls_named_group tls_secp384r1_named_group __tls_named_group ( 01 ) = {
|
||||
struct tls_named_group tls_secp384r1_named_group __tls_named_group ( 02 ) = {
|
||||
.exchange = &p384_algorithm,
|
||||
.code = htons ( TLS_NAMED_GROUP_SECP384R1 ),
|
||||
};
|
||||
|
||||