id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
993	support for X25519 in ssl_ecdh_curve	Wonderfall@…		"I use nginx statically linked against BoringSSL, which supports X25519. But here is what I get when I set ssl_ecdh_curve to X25519 : 

nginx: [emerg] EC_KEY_new_by_curve_name(""X25519"") failed (SSL: error:0f00007b:elliptic curve routines:OPENSSL_internal:UNKNOWN_GROUP)
nginx: configuration file /etc/nginx/conf/nginx.conf test failed

(It doesn't seem EC_KEY is used for X25519 in BoringSSL.)"	defect	closed	major		nginx-core	1.11.x	wontfix			Linux cat 4.6.1 #1 SMP Thu Jun 2 13:07:39 CEST 2016 x86_64 GNU/Linux	"nginx version: nginx/1.11.1
built by gcc 5.3.0 (Alpine 5.3.0)
built with OpenSSL 1.0.2 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/sbin/nginx --with-cc-opt='-g -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -I ../boringssl/.openssl/include/' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -L ../boringssl/.openssl/lib' --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-http_stub_status_module --with-file-aio --with-threads --with-pcre-jit --without-http_ssi_module --without-http_scgi_module --without-http_uwsgi_module --without-http_geo_module --without-http_autoindex_module --without-http_map_module --without-http_split_clients_module --without-http_memcached_module --without-http_empty_gif_module --without-http_browser_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --add-module=/tmp/ngx_brotli"