ssl_ecdh_curve

Question

ssl_ecdh_curve

FernandoMiguel opened this issue 7 years ago · comments

Fernando Miguel commented 7 years ago

I've noticed you guys added :
ssl_ecdh_curve X25519:P-256:P-384:P-224:P-521;

is there a certain version of openssl or nginx required to support this?

nginx 1.10.0 on ubuntu:
nginx: [emerg] Unknown curve name "X25519:P-256:P-384:P-224:P-521" (SSL:)

Blago Eres · Answer 1 · Thu Jul 06 2017 07:28:41 GMT+0800 (China Standard Time)

I think the only requirenment for this is latest OpenSSL 1.1.0f. Specifying multiple curves requires Nginx 1.11.0+. At the moment the only way to use this is by compiling Nginx against OpenSSL 1.1.0f.