Welcome! Log In Create A New Profile

Re: About ssl_ecdh_curve auto

Forum List Message List New Topic Print View

Maxim Dounin

October 26, 2022 12:26AM

Hello!

On Wed, Oct 26, 2022 at 06:22:54AM +0300, Sergey A. Osokin wrote:

[...]

> It's also possible to see the list of the elliptic curve parameters with
> the following command:
>
> % openssl ecparam -list_curves

Fun fact: this list only includes standard curves, but not custom
curves such as X25519 or X448, so it is more or less useless.

Not to mention this list has nothing to do with the default list
of supported curves as used by default (and with "ssl_ecdh_curve
auto;" in nginx). As far as I understand, there are no
user-friendly ways to extract this default list from OpenSSL. The
best ways I'm aware of include looking into the code or SSL
handshakes on the wire.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org

Reply Quote

RSS

Subject	Author	Posted
About ssl_ecdh_curve auto	wordlesswind	October 25, 2022 11:25AM
Re: About ssl_ecdh_curve auto	Sergey A. Osokin	October 25, 2022 11:24PM
Re: About ssl_ecdh_curve auto	Maxim Dounin	October 26, 2022 12:26AM
Re: About ssl_ecdh_curve auto	Maxim Dounin	October 26, 2022 12:08AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 324

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018