id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
2542	ssl_ecdh_curve is sometimes ignored in server blocks	Avamander		"Consider a scenario where a single IP `x.y.z.q` has two server blocks. Both server blocks listen on the same port and support TLS. One of those blocks is marked `default_server` and handles the non-SNI requests.

If both blocks define `ssl_ecdh_curve` then it has zero effect on the non-`default_server`. This is done without warning.

One of the possible implications of this is that a more secure configuration is silently ignored. (I stumbled upon this when trying to enable post-quantum key exchange algorithms.)

Understandably, nginx can't (currently, even though server_name could be read before KeXs come into play) respect the directive in both blocks, but in that case the ignored one should throw a non-critical warning. Plus, it could be better documented."	defect	new	minor		nginx-module	1.18.x		ssl_ecdh_curve,kex,default_server	Avamander	5.15.0-78-generic Ubuntu	nginx version: nginx/1.18.0 (Ubuntu)
