Hello! On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:
> Hi, It seems that secp521r1 has been removed from 1.4.6. Trying to use it in > ssl_ecdh_curve doesnt work but worked in 1.4.5. > > Was this just a mistake or is there a reason why it has been removed? It wasn't - nginx just uses what's available from your OpenSSL library. Use $ openssl ecparam -list_curves to find out which curves are supported by OpenSSL library on your host. As long as you are using CentOS 6, likely you've hit something similar to what's described in this ticket: http://trac.nginx.org/nginx/ticket/515 I.e., the ssl_ecdh_curve directive is now actually used and the value is rejected as not supported by OpenSSL on you host, rather than being ignored. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
