ECDHE key exchange with TLSv1

Calomel Org
July 09, 2010 04:10PM
Does Nginx support the elliptic curve cryptography ciphers like
ECDHE-ECDSA-AES256-SHA available through OpenSSL v1.0.0a?


I have built OpenSSL v1.0.0a and placed it in a separate directory. I
then built nginx with --with-cc-opt="-I /path_openssl/include/"
--with-ld-opt="-L /path_openssl/lib/" and it builds fine.

Nginx.conf has the following for SSL:

## SSL Certs
ssl on;
ssl_certificate /ssl/host.com_ssl.crt;
ssl_certificate_key /ssl/host_ssl.key;
ssl_ciphers ECDHE-ECDSA-AES256-SHA:AES256-SHA;
#ssl_dhparam /ssl/host_dh.pem;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;


The daemon starts up correctly, but clients will only negotiate their
SSL connection as AES256-SHA.

Does "ssl_dhparam" need a PEM string? Any examples?



BTW, I found another post in the archives where Maxim Dounin said
support was not available as of October 2009.

Build error --with-debug; ECDHE key exchange TLS problem.[nginx 0.7.62]
http://forum.nginx.org/read.php?2,11737,11737

--
Calomel @ https://calomel.org
Open Source Research and Reference



_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx