secp521r1 removed from 1.4.6
Maxim Dounin
mdounin at mdounin.ru
Thu Mar 13 16:27:07 UTC 2014
Hello!
On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:
> Hi, It seems that secp521r1 has been removed from 1.4.6. Trying to use it in
> ssl_ecdh_curve doesnt work but worked in 1.4.5.
>
> Was this just a mistake or is there a reason why it has been removed?
It wasn't - nginx just uses what's available from your OpenSSL
library. Use
$ openssl ecparam -list_curves
to find out which curves are supported by OpenSSL library on your
host.
As long as you are using CentOS 6, likely you've hit something
similar to what's described in this ticket:
http://trac.nginx.org/nginx/ticket/515
I.e., the ssl_ecdh_curve directive is now actually used and the
value is rejected as not supported by OpenSSL on you host, rather
than being ignored.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list