Hi everyone,
I'm using Nginx with LibreSSL 2.3.4 and I want to know if someone know how to use the "new" "ssl_ecdh_curve" directive in nginx 1.11.0 which allow to use more than one curve.
Per example, I want to use to following curves on my server:
-secp384r1
-secp521r1
-sect571r1
The official announcement says :
Feature: the "ssl_ecdh_curve" directive now allows specifying a listof curves when using OpenSSL 1.0.2 or newer; by default a list built into OpenSSL is used.
What syntax do we have to use for a list of curves?
I've tried both :
ssl_ecdh_curve secp384r1:secp521r1:sect571r1;
or
ssl_ecdh_curve secp384r1;
ssl_ecdh_curve secp521r1;
ssl_ecdh_curve sect571r1;
or
ssl_ecdh_curve secp384r1 secp521r1 sect571r1;
but nothing works with a nginx -t.
If someone has an idea :)
Thanks, and regards,
Nicolas
I'm using Nginx with LibreSSL 2.3.4 and I want to know if someone know how to use the "new" "ssl_ecdh_curve" directive in nginx 1.11.0 which allow to use more than one curve.
Per example, I want to use to following curves on my server:
-secp384r1
-secp521r1
-sect571r1
The official announcement says :
Feature: the "ssl_ecdh_curve" directive now allows specifying a listof curves when using OpenSSL 1.0.2 or newer; by default a list built into OpenSSL is used.
What syntax do we have to use for a list of curves?
I've tried both :
ssl_ecdh_curve secp384r1:secp521r1:sect571r1;
or
ssl_ecdh_curve secp384r1;
ssl_ecdh_curve secp521r1;
ssl_ecdh_curve sect571r1;
or
ssl_ecdh_curve secp384r1 secp521r1 sect571r1;
but nothing works with a nginx -t.
If someone has an idea :)
Thanks, and regards,
Nicolas