secp521r1 removed from 1.4.6
mdounin at mdounin.ru
Thu Mar 13 16:27:07 UTC 2014
On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:
> Hi, It seems that secp521r1 has been removed from 1.4.6. Trying to use it in
> ssl_ecdh_curve doesnt work but worked in 1.4.5.
> Was this just a mistake or is there a reason why it has been removed?
It wasn't - nginx just uses what's available from your OpenSSL
$ openssl ecparam -list_curves
to find out which curves are supported by OpenSSL library on your
As long as you are using CentOS 6, likely you've hit something
similar to what's described in this ticket:
I.e., the ssl_ecdh_curve directive is now actually used and the
value is rejected as not supported by OpenSSL on you host, rather
than being ignored.
More information about the nginx