Hello guys, I enabled ssl_reject_handshake in the first 443 server segment of nginx.conf to prevent someone from scanning the IP to detect the certificate.

```
server {
    listen 443 ssl reuseport;
    listen [::]:443 ssl;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_dhparam /root/dhparam;
    ssl_protocols
```

by wordlesswind - Nginx Mailing List - English

Hello guys, I deployed an ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and I noticed something about "ssl_ecdh_curve auto;". When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order for the server. As far as I know, the full list of nginx support should be x25519, x44

by wordlesswind - Nginx Mailing List - English