Setting ssl_ecdh_curve to secp384r1 does not work

Kurt Cancemi kurt at x64architecture.com
Wed Jul 6 09:32:59 UTC 2016


Hello,

The following are in auto:

 secp256r1
 secp521r1
 brainpool512r1
 brainpoolP384r1
 secp384r1
 brainpoolP256r1
 secp256k1
If not configured with OPENSSL_NO_EC2M
 sect571r1
 sect571k1
 sect409k1
 sect409r1
 sect283k1
 sect283r1
#endif

From OpenSSL source: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/ssl/t1_lib.c#L266

Kurt Cancemi
https://www.x64architecture.com

> On Jul 6, 2016, at 03:15, Florian Reinhart <florian at bottledsoftware.de> wrote:
> 
> Hi Maxim!
> 
> Thanks for investigating this! I thought ssl_ecdh_curve was only used to specific curves for ECDHE.
> 
> Is there any way to know what curves "auto" will include on my system?
> 
> —Florian



More information about the nginx mailing list