About ssl_ecdh_curve auto

Maxim Dounin mdounin at mdounin.ru
Wed Oct 26 04:24:30 UTC 2022


Hello!

On Wed, Oct 26, 2022 at 06:22:54AM +0300, Sergey A. Osokin wrote:

[...]

> It's also possible to see the list of the elliptic curve parameters with
> the following command:
> 
> % openssl ecparam -list_curves

Fun fact: this list only includes standard curves, but not custom 
curves such as X25519 or X448, so it is more or less useless.

Not to mention this list has nothing to do with the default list 
of supported curves as used by default (and with "ssl_ecdh_curve 
auto;" in nginx).  As far as I understand, there are no 
user-friendly ways to extract this default list from OpenSSL.  The 
best ways I'm aware of include looking into the code or SSL 
handshakes on the wire.

-- 
Maxim Dounin
http://mdounin.ru/
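
Reading the offered groups from a handshake on the wire, as the message above suggests, can be done by parsing the supported_groups extension (type 10) of a ClientHello. This is an added example, not part of the original message and not nginx or OpenSSL code; `supported_groups` and `sample_client_hello` are hypothetical names, and the sample record and its group order are constructed for the demo, not OpenSSL's actual default list.

```python
import struct

# Subset of the IANA "TLS Supported Groups" registry.
GROUP_NAMES = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
               0x001D: "x25519", 0x001E: "x448"}

def supported_groups(record: bytes) -> list:
    """Names of the groups a ClientHello offers, in the client's preference order."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated or fragmented ClientHello")
    try:
        pos = 2 + 32                                           # legacy_version, random
        pos += 1 + hello[pos]                                  # legacy_session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + hello[pos]                                  # compression_methods
        ext_end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 10:                                 # supported_groups
                n = int.from_bytes(data[:2], "big")
                ids = struct.unpack("!%dH" % (n // 2), data[2:2 + n])
                return [GROUP_NAMES.get(i, "0x%04x" % i) for i in ids]
            pos += 4 + ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return []

def sample_client_hello(group_ids) -> bytes:
    """Constructed ClientHello record (not a real capture) offering group_ids."""
    groups = b"".join(struct.pack("!H", g) for g in group_ids)
    exts = struct.pack("!HH", 11, 2) + b"\x01\x00"             # ec_point_formats
    exts += struct.pack("!HHH", 10, len(groups) + 2, len(groups)) + groups
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(supported_groups(sample_client_hello([0x1D, 0x17, 0x1E, 0x19, 0x18])))
```

Given the raw bytes of the first TLS record sent by an OpenSSL-based client left at its defaults, the function returns the groups that build offers, including X25519 and X448 where present.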


