From 045cceacac6c0162bf65e3acdb40bda76c5af1e9 Mon Sep 17 00:00:00 2001
From: Bob Van Zant
Date: Thu, 21 Sep 2017 11:56:52 -0700
Subject: [PATCH] Use nginx default value for SSLECDHCurve

This configuration setting permits nginx to auto discover supported curves based on what openssl was compiled with. With the old default of secp384r1 if you attempted to use a key from a different curve, for example prime256v1, the SSL handshake would fail in an awful way without any helpful errors logged anywhere. The default setting in nginx has been "auto" since 1.11.0
---
 controllers/nginx/pkg/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/nginx/pkg/config/config.go b/controllers/nginx/pkg/config/config.go
index d4121e35b..3280d5e94 100644
--- a/controllers/nginx/pkg/config/config.go
+++ b/controllers/nginx/pkg/config/config.go
@@ -411,7 +411,7 @@ func NewDefault() Configuration {
 ShowServerTokens: true,
 SSLBufferSize: sslBufferSize,
 SSLCiphers: sslCiphers,
-SSLECDHCurve: "secp384r1",
+SSLECDHCurve: "auto",
 SSLProtocols: sslProtocols,
 SSLSessionCache: true,
 SSLSessionCacheSize: sslSessionCacheSize,
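Review bot: The new default `"auto"` on the SSLECDHCurve line moves curve selection from one pinned curve to whatever list the OpenSSL build behind nginx advertises, so the set of negotiable curves is no longer fixed by this file and now varies with the image's OpenSSL; that is worth stating on the SSLECDHCurve field (declared outside this hunk), e.g. `// SSLECDHCurve defaults to "auto" (nginx >= 1.11.0): OpenSSL chooses from its compiled-in curves; set an explicit curve or curve list to pin them.` Any ConfigMap documentation that still names secp384r1 as the default should be updated in the same commit. Since the commit message notes that nginx only accepts "auto" from 1.11.0, the controller's minimum supported nginx version presumably already meets that, but it is worth confirming. NewDefault starts and ends outside the hunk.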