About ssl_ecdh_curve auto

Sergey A. Osokin osa at freebsd.org.ru
Wed Oct 26 03:22:54 UTC 2022


hope you're doing well.

On Tue, Oct 25, 2022 at 11:25:39AM -0400, wordlesswind wrote:
> I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and
> I noticed something about "ssl_ecdh_curve auto;".

Well, the `auto' is the default value of the ssl_ecdh_curve directive, [1].

> When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only
> prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order
> for the server.

Is there a official package from [2]?
What's the SSL implementation and its version are there?  For OpenSSL
please run

% openssl version -a

It's also possible to see the list of the elliptic curve parameters with
the following command:

% openssl ecparam -list_curves

1. https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
2. https://nginx.org/en/linux_packages.html

Thank you.

Sergey A. Osokin

More information about the nginx mailing list