Welcome! Log In Create A New Profile

Advanced

Re: secp521r1 removed from 1.4.6

Maxim Dounin
March 13, 2014 12:28PM
Hello!

On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:

> Hi, It seems that secp521r1 has been removed from 1.4.6. Trying to use it in
> ssl_ecdh_curve doesnt work but worked in 1.4.5.
>
> Was this just a mistake or is there a reason why it has been removed?

It wasn't - nginx just uses what's available from your OpenSSL
library. Use

$ openssl ecparam -list_curves

to find out which curves are supported by OpenSSL library on your
host.

As long as you are using CentOS 6, likely you've hit something
similar to what's described in this ticket:

http://trac.nginx.org/nginx/ticket/515

I.e., the ssl_ecdh_curve directive is now actually used and the
value is rejected as not supported by OpenSSL on you host, rather
than being ignored.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

secp521r1 removed from 1.4.6

nginxu14 March 13, 2014 11:43AM

Re: secp521r1 removed from 1.4.6

Maxim Dounin March 13, 2014 12:28PM

Re: secp521r1 removed from 1.4.6

nginxu14 March 13, 2014 03:04PM

Re: secp521r1 removed from 1.4.6

Maxim Dounin March 14, 2014 05:04AM

Re: secp521r1 removed from 1.4.6

MacLemon March 14, 2014 10:04AM

Re: secp521r1 removed from 1.4.6

nginxu14 March 14, 2014 08:07PM

Re: secp521r1 removed from 1.4.6

nginxu14 March 14, 2014 06:23PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 116
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready