Setting ssl_ecdh_curve to secp384r1 does not work
mdounin at mdounin.ru
Wed Jul 6 16:08:19 UTC 2016
On Wed, Jul 06, 2016 at 09:15:59AM +0200, Florian Reinhart wrote:
> Is there any way to know what curves "auto" will include on my
This is not currently possible, AFAIK, and depends on the OpenSSL
library used. Here is a short summary for varions OpenSSL version
I've previously looked into:
- OpenSSL 1.0.2, 1.0.2a: all curves supported, strongest first.
Full list is available via "openssl ecparam -list_curves".
- OpenSSL 1.0.2b ... 1.0.2h: limited default list with at least
256 bits, prime256v1 (aka P-256) first. List in OpenSSL 1.0.2g
is as follows:
- Upcoming OpenSSL 1.1.0 uses X25519:P-256:P-521:P-384 (aka
More information about the nginx