Re: secp521r1 removed from 1.4.6

Maxim Dounin
March 13, 2014 12:28PM
Hello!

On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:

> Hi, It seems that secp521r1 has been removed from 1.4.6. Trying to use it in
> ssl_ecdh_curve doesn't work but worked in 1.4.5.
>
> Was this just a mistake or is there a reason why it has been removed?

It wasn't - nginx just uses what's available from your OpenSSL
library. Use

$ openssl ecparam -list_curves

to find out which curves are supported by OpenSSL library on your
host.

As long as you are using CentOS 6, likely you've hit something
similar to what's described in this ticket:

http://trac.nginx.org/nginx/ticket/515

I.e., the ssl_ecdh_curve directive is now actually used and the
value is rejected as not supported by OpenSSL on your host, rather
than being ignored.

--
Maxim Dounin
http://nginx.org/
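
The check described in the reply above, as an added example (not part of the original post or of nginx): it compares the `ssl_ecdh_curve` values in a config file with saved `openssl ecparam -list_curves` output. The function names, the sample curve list and the sample config are constructed for illustration; splitting colon-separated lists and skipping `auto` goes beyond the single-curve case in this thread.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Curve names from `openssl ecparam -list_curves` output on stdin. Entries look
# like "  secp384r1 : description"; wrapped description lines have no colon.
list_curve_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]\{1,\}\)[[:space:]]*:.*/\1/p'
}

# Curves named by ssl_ecdh_curve directives in config file $1, one per line.
# Comments are stripped, colon-separated lists are split, "auto" is skipped.
configured_curves() {
    sed -e 's/#.*//' "$1" |
    sed -n 's/^[[:space:]]*ssl_ecdh_curve[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*/\1/p' |
    tr ':' '\n' | sed -e '/^auto$/d' -e '/^$/d'
}

# Print OK/UNSUPPORTED for each configured curve in $1 against the saved curve
# list in $2; return 1 if any configured curve is missing from the list.
check_conf_curves() {
    rc=0
    names=$(list_curve_names < "$2")
    for c in $(configured_curves "$1"); do
        if printf '%s\n' "$names" | grep -q -x -F -- "$c"; then
            echo "OK $c"
        else
            echo "UNSUPPORTED $c"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a short curve list and a config asking for secp521r1.
sample_curves() { cat <<'EOF'
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
EOF
}
sample_conf() { cat <<'EOF'
server {
    listen 443 ssl;
    # ssl_ecdh_curve prime256v1;
    ssl_ecdh_curve secp521r1;
}
EOF
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
sample_curves > "$tmp/curves.txt"  # real host: openssl ecparam -list_curves > curves.txt
sample_conf > "$tmp/nginx.conf"
check_conf_curves "$tmp/nginx.conf" "$tmp/curves.txt" || echo "curve missing from OpenSSL"
```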
