Re: secp521r1 removed from 1.4.6

March 14, 2014 06:23PM
Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Thu, Mar 13, 2014 at 03:04:11PM -0400, nginxu14 wrote:
>
> > Sorry for wasting your time, you are correct, secp512r1 isn't there
> > when I run the command.
> >
> > I'm guessing that secp256r1 isn't in the list because it's just the
> > default one. Just using the default settings and not setting a curve
> > uses secp256r1, and secp384r1 works by setting it in ssl_ecdh_curve.
>
> Secp256r1 and prime256v1 are just different names of the same
> curve. (And yes, it's used by default.)
>
> > I like CentOS, it's the only OS I use for servers, but this kind of
> > thing annoys me about CentOS because it's waiting for Red Hat to
> > enable secp521r1. I don't have the need for it but it would be nice
> > to have the option.
>
> 256 bit ECC is believed to be equivalent to 3096 bit RSA, and 521
> bit ECC - to 16384 bit RSA. So in case of https, unless you are
> using 16384 bit RSA certificates, use of secp521r1 is mostly
> pointless and just wastes CPU cycles.
>
> > Looking at this:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1021897#c7 it is coming
> > but not sure when.
>
> Note well that this link correctly points out that secp521r1 isn't
> supported by IE (yet?), so its use isn't a good idea from
> compatibility point of view, too.
>
> --
> Maxim Dounin
> http://nginx.org/


For me it's just about having the option. I know secp521r1 is coming from Red Hat. In the same link a member of staff says they got the go-ahead from Legal. I read somewhere the problem is because it's patented and Red Hat don't want to risk it. Hopefully in the next few months it's enabled/added.
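
The point raised in the thread, that a curve can be missing from the list under one name yet present under another (secp256r1 is printed as prime256v1) or absent from the build entirely (secp521r1), can be checked before a name is put into ssl_ecdh_curve. The following is an added example, not code from any post in this thread: the function names are hypothetical, the sample list is constructed to resemble a build without secp521r1, and it assumes the list is in the format printed by `openssl ecparam -list_curves`.

```shell
#!/bin/sh
# Added example: test a curve name against list_curves-style output.

# Map SECG names to the X9.62 names OpenSSL prints for the same curves.
canonical_curve() {
    case "$1" in
        secp256r1) echo prime256v1 ;;
        secp192r1) echo prime192v1 ;;
        *)         echo "$1" ;;
    esac
}

# curve_in_list NAME: reads the curve list on stdin.
# Returns 0 if NAME (or its alias) is listed, 1 otherwise.
curve_in_list() {
    want=$(canonical_curve "$1")
    # Entry lines look like "  secp384r1 : NIST/SECG curve over a 384 bit prime field";
    # continuation lines without a curve name never match.
    awk -v want="$want" -F: '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == want { found = 1 }
        END { exit !found }
    '
}

# Constructed sample: a build that ships P-256 and P-384 but not P-521.
sample_list() {
    cat <<'EOF'
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
EOF
}

# Demo on the constructed sample. On a real host, replace sample_list with:
#   openssl ecparam -list_curves
for c in secp256r1 secp384r1 secp521r1; do
    if sample_list | curve_in_list "$c"; then
        echo "$c: available, safe to use in ssl_ecdh_curve"
    else
        echo "$c: not in this OpenSSL build"
    fi
done
```
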

Subject | Author | Posted
secp521r1 removed from 1.4.6 | nginxu14 | March 13, 2014 11:43AM
Re: secp521r1 removed from 1.4.6 | Maxim Dounin | March 13, 2014 12:28PM
Re: secp521r1 removed from 1.4.6 | nginxu14 | March 13, 2014 03:04PM
Re: secp521r1 removed from 1.4.6 | Maxim Dounin | March 14, 2014 05:04AM
Re: secp521r1 removed from 1.4.6 | MacLemon | March 14, 2014 10:04AM
Re: secp521r1 removed from 1.4.6 | nginxu14 | March 14, 2014 08:07PM
Re: secp521r1 removed from 1.4.6 | nginxu14 | March 14, 2014 06:23PM


