About ssl_ecdh_curve auto
nginx-forum at forum.nginx.org
Tue Oct 25 15:25:39 UTC 2022
I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and
I noticed something about "ssl_ecdh_curve auto;".
When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only
prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order
for the server.
As far as I know, the full list of nginx support should be x25519, x448,
secp256r1, secp384r1, secp521r1.
So what caused the difference in "ssl_ecdh_curve auto;"?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295602,295602#msg-295602
More information about the nginx