Opened 4 years ago

Closed 4 years ago

#885 closed enhancement (fixed)

Add support for multiple elliptic curves

Reported by: Commenter123@… Owned by:
Priority: major Milestone:
Component: nginx-core Version: 1.9.x
Keywords: tls, elliptic, curve, ecc, ec Cc:
uname -a: --
nginx -V: --

Description

Curve25519 is about to land in Chrome 50: https://www.chromestatus.com/feature/5682529109540864

nginx currently does not allow to use more than one curve.
We can't use Curve25519 as a lot of clients will not support it.

Allowing several curves with server preference would help to improve security and compatibility.

Examples:
ssl_ecdh_curve "brainpoolP512r1:secp521r1:prime256v1";
ssl_prefer_server_ecdh_curve on;
or
ssl_ecdh_curve brainpoolP512r1 secp521r1 prime256v1;
ssl_prefer_server_ecdh_curve off;

Also see this request: https://forum.nginx.org/read.php?10,263871,263871

Change History (3)

comment:2 by Maxim Dounin <mdounin@…>, 4 years ago

In 6553:2014ed60f17f/nginx:

SSL: support for multiple curves (ticket #885).

OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve
previously supported. This allows use of different curves depending on
what client supports (as available via the elliptic_curves extension),
and also allows use of different curves in an ECDHE key exchange and
in the ECDSA certificate.

The special value "auto" was introduced (now the default for ssl_ecdh_curve),
which means "use an internal list of curves as available in the OpenSSL
library used". For versions prior to OpenSSL 1.0.2 it maps to "prime256v1"
as previously used. The default in 1.0.2b+ prefers prime256v1 as well
(and X25519 in OpenSSL 1.1.0+).

As client vs. server preference of curves is controlled by the
same option as used for ciphers (SSL_OP_CIPHER_SERVER_PREFERENCE),
the ssl_prefer_server_ciphers directive now controls both.

comment:3 by Maxim Dounin, 4 years ago

Resolution: fixed
Status: newclosed

Support committed.

Note: See TracTickets for help on using tickets.