Am 10.04.25 um 07:09 schrieb Maxim Dounin:
OTOH, you may try the following patch which tries to use SSL_get0_group_name() and SSL_group_to_name() if available. Note thought that it slightly changes names as seen in the $ssl_curve and $ssl_curves variables. In particular, with OpenSSL 3.5 both on the server and as a client, variables are changed from: $ssl_curve: 0x11ec $ssl_curves: 0x11ec:X25519:prime256v1:X448:secp384r1:secp521r1:ffdhe2048:ffdhe3072 to the following: $ssl_curve: X25519MLKEM768 $ssl_curves: X25519MLKEM768:x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072 Note "X25519" changed to "x25519", and "prime256v1" to "secp256r1". Please let me know what do you think.
Hello Maxim, the patch let freenginx use the expected names I personally prefer over hex numbers. I don't care if I read X25519 or x25519. I also do not know a scenario, where these names matter. But this doesn't mean, they do not exist. If the would exist, an operator may with to decide/configure, which names nginx should use. Andreas
