Opened 9 years ago
Closed 9 years ago
#885 closed enhancement (fixed)
Add support for multiple elliptic curves
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | 1.9.x |
Keywords: | tls, elliptic, curve, ecc, ec | Cc: | |
uname -a: | -- | ||
nginx -V: | -- |
Description
Curve25519 is about to land in Chrome 50: https://www.chromestatus.com/feature/5682529109540864
nginx currently does not allow to use more than one curve.
We can't use Curve25519 as a lot of clients will not support it.
Allowing several curves with server preference would help to improve security and compatibility.
Examples:
ssl_ecdh_curve "brainpoolP512r1:secp521r1:prime256v1";
ssl_prefer_server_ecdh_curve on;
or
ssl_ecdh_curve brainpoolP512r1 secp521r1 prime256v1;
ssl_prefer_server_ecdh_curve off;
Also see this request: https://forum.nginx.org/read.php?10,263871,263871
Note:
See TracTickets
for help on using tickets.
See my patch from 2 years ago:
http://mailman.nginx.org/pipermail/nginx-devel/2014-April/005234.html