About ssl_ecdh_curve auto

wordlesswind nginx-forum at forum.nginx.org
Tue Oct 25 15:25:39 UTC 2022

Hello guys,

I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and
I noticed something about "ssl_ecdh_curve auto;".

When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only
prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order
for the server.

As far as I know, the full list of nginx support should be x25519, x448,
secp256r1, secp384r1, secp521r1.

So what caused the difference in "ssl_ecdh_curve auto;"?

Best regards,

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295602,295602#msg-295602

More information about the nginx mailing list