ECDHE key exchange with TLSv1
Calomel Org
kepler at calomel.org
Sat Jul 10 00:03:55 MSD 2010
Does Nginx support the elliptic curve cryptography ciphers like
ECDHE-ECDSA-AES256-SHA available through OpenSSL v1.0.0a?
I have built OpenSSL v1.0.0a and placed it in a separate directory. I
then built nginx with --with-cc-opt="-I /path_openssl/include/"
--with-ld-opt="-L /path_openssl/lib/" and it builds fine.
Nginx.conf has the following for SSL:

    ## SSL Certs
    ssl on;
    ssl_certificate /ssl/host.com_ssl.crt;
    ssl_certificate_key /ssl/host_ssl.key;
    ssl_ciphers ECDHE-ECDSA-AES256-SHA:AES256-SHA;
    #ssl_dhparam /ssl/host_dh.pem;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

The daemon starts up correctly, but clients will only negotiate their
SSL connection as AES256-SHA.
Does "ssl_dhparam" need a PEM string? Any examples?
BTW, I found another post in the archives where Maxim Dounin said
support was not available as of October 2009.
Build error --with-debug; ECDHE key exchange TLS problem.[nginx 0.7.62]
http://forum.nginx.org/read.php?2,11737,11737
--
Calomel @ https://calomel.org
Open Source Research and Reference