Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-06 Thread Maxim Dounin
Hello! On Wed, Jul 06, 2016 at 09:15:59AM +0200, Florian Reinhart wrote: > Is there any way to know what curves "auto" will include on my > system? This is not currently possible, AFAIK, and depends on the OpenSSL library used. Here is a short summary for various OpenSSL versions I've previou

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-06 Thread Kurt Cancemi
Hello, The following are in auto: secp256r1 secp521r1 brainpool512r1 brainpoolP384r1 secp384r1 brainpoolP256r1 secp256k1 If not configured with OPENSSL_NO_EC2M sect571r1 sect571k1 sect409k1 sect409r1 sect283k1 sect283r1 #endif From OpenSSL source: https://github.com/openssl/openssl

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-06 Thread Florian Reinhart
Hi Maxim! Thanks for investigating this! I thought ssl_ecdh_curve was only used to specify curves for ECDHE. Is there any way to know what curves "auto" will include on my system? —Florian > On 05 Jul 2016, at 20:16, Maxim Dounin wrote: > > Hello! > > On Tue, Jul 05, 2016 at 05:02:07PM +02

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Maxim Dounin
Hello! On Tue, Jul 05, 2016 at 05:02:07PM +0200, Florian Reinhart wrote: > It is the same certificate on both servers and it is indeed a > secp256r1 aka prime256v1 certificate. So does this mean, I have > to use prime256v1 for ssl_ecdh_curve with this certificate? It’s > still strange that it

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Florian Reinhart
Thanks a lot for your suggestions. It is the same certificate on both servers and it is indeed a secp256r1 aka prime256v1 certificate. So does this mean, I have to use prime256v1 for ssl_ecdh_curve with this certificate? It’s still strange that it used to work before... Here is what the error

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Maxim Dounin
Hello! On Tue, Jul 05, 2016 at 04:02:21PM +0200, Florian Reinhart wrote: > Hi Maxim! > > That’s what I thought. However, all clients can access the nginx server on > the old Ubuntu 14.04 server, which uses the same config, > > I tested the following clients on OS X 10.11.5, all failed to conne

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Florian Reinhart
Hi Maxim! That’s what I thought. However, all clients can access the nginx server on the old Ubuntu 14.04 server, which uses the same config, I tested the following clients on OS X 10.11.5, all failed to connect: curl, installed from Homebrew: curl 7.49.1 (x86_64-apple-darwin15.5.0) libcurl/7.

Re: Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Maxim Dounin
Hello! On Tue, Jul 05, 2016 at 02:00:04PM +0200, Florian Reinhart wrote: > Hi all, > > I was running nginx 1.9.12 on Ubuntu 14.04 built from the source tarball with > these options: --with-ipv6 --with-http_ssl_module --with-http_v2_module > --with-openssl=/openssl-1.0.2g > > While switching t

Setting ssl_ecdh_curve to secp384r1 does not work

2016-07-05 Thread Florian Reinhart
Hi all, I was running nginx 1.9.12 on Ubuntu 14.04 built from the source tarball with these options: --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-openssl=/openssl-1.0.2g While switching to a new server, I also wanted to switch to the nginx Docker container using my existing