About ssl_ecdh_curve auto
Sergey A. Osokin
osa at freebsd.org.ru
Wed Oct 26 03:22:54 UTC 2022
Hi,
hope you're doing well.
On Tue, Oct 25, 2022 at 11:25:39AM -0400, wordlesswind wrote:
>
> I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and
> I noticed something about "ssl_ecdh_curve auto;".
Well, the `auto' is the default value of the ssl_ecdh_curve directive, [1].
> When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only
> prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order
> for the server.
Is there a official package from [2]?
What's the SSL implementation and its version are there? For OpenSSL
please run
% openssl version -a
It's also possible to see the list of the elliptic curve parameters with
the following command:
% openssl ecparam -list_curves
Refereces
1. https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
2. https://nginx.org/en/linux_packages.html
Thank you.
--
Sergey A. Osokin
More information about the nginx
mailing list