Hi,

hope you're doing well.

On Tue, Oct 25, 2022 at 11:25:39AM -0400, wordlesswind wrote:
>
> I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and
> I noticed something about "ssl_ecdh_curve auto;".

Well, the `auto' is the default value of the ssl_ecdh_curve directive, [1].

> When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only
> prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order
> for the server.

Is there a official package from [2]?
What's the SSL implementation and its version are there? For OpenSSL
please run

% openssl version -a

It's also possible to see the list of the elliptic curve parameters with
the following command:

% openssl ecparam -list_curves

Refereces
1. https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
2. https://nginx.org/en/linux_packages.html

Thank you.

--
Sergey A. Osokin
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org