Welcome! Log In Create A New Profile

Advanced

Re: secp521r1 removed from 1.4.6

Maxim Dounin
March 14, 2014 05:04AM
Hello!

On Thu, Mar 13, 2014 at 03:04:11PM -0400, nginxu14 wrote:

> Sorry for wasting your time you are correct secp512r1 isnt there when I run
> the command.
>
> Im guessing that secp256r1 isnt in the list because its just the default
> one. Just using the default settings and not setting a curve uses secp256r1
> and secp384r1 works by setting it in ssl_ecdh_curve.

Secp256r1 and prime256v1 are just different names of the same
curve. (And yes, it's used by default.)

> I like CentOS its the only OS I use for servers but this kind of thing
> annoys me about CentOS because its waiting for Red Hat to enable secp521r1.
> I dont have the need for it but it would be nice to have the option.

256 bit ECC is believed to be equivalent to 3096 bit RSA, and 521
bit ECC - to 16384 bit RSA. So in case of https, unless you are
using 16384 bit RSA certificates, use of secp521r1 is mostly
pointless and just wastes CPU cycles.

> Looking at this: https://bugzilla.redhat.com/show_bug.cgi?id=1021897#c7 it
> is coming but not sure when.

Note well that this link correctly points out that secp521r1 isn't
supported by IE (yet?), so it's use isn't a good idea from
compatibility point of view, too.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

secp521r1 removed from 1.4.6

nginxu14 March 13, 2014 11:43AM

Re: secp521r1 removed from 1.4.6

Maxim Dounin March 13, 2014 12:28PM

Re: secp521r1 removed from 1.4.6

nginxu14 March 13, 2014 03:04PM

Re: secp521r1 removed from 1.4.6

Maxim Dounin March 14, 2014 05:04AM

Re: secp521r1 removed from 1.4.6

MacLemon March 14, 2014 10:04AM

Re: secp521r1 removed from 1.4.6

nginxu14 March 14, 2014 08:07PM

Re: secp521r1 removed from 1.4.6

nginxu14 March 14, 2014 06:23PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 99
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready