Am 10.04.25 um 07:09 schrieb Maxim Dounin:
OTOH, you may try the following patch which tries to use
SSL_get0_group_name() and SSL_group_to_name() if available.

Note thought that it slightly changes names as seen in the
$ssl_curve and $ssl_curves variables.  In particular, with OpenSSL
3.5 both on the server and as a client, variables are changed
from:

$ssl_curve: 0x11ec
$ssl_curves: 
0x11ec:X25519:prime256v1:X448:secp384r1:secp521r1:ffdhe2048:ffdhe3072

to the following:

$ssl_curve: X25519MLKEM768
$ssl_curves: 
X25519MLKEM768:x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072

Note "X25519" changed to "x25519", and "prime256v1" to
"secp256r1".

Please let me know what do you think.

Hello Maxim,

the patch let freenginx use the expected names I personally prefer over hex 
numbers.
I don't care if I read X25519 or x25519. I also do not know a scenario, where 
these names matter.
But this doesn't mean, they do not exist. If the would exist, an operator may 
with to
decide/configure, which names nginx should use.

Andreas

Reply via email to