Use nginx default value for SSLECDHCurve
This configuration setting permits nginx to auto discover supported curves based on what openssl was compiled with. With the old default of secp384r1 if you attempted to use a key from a different curve, for example prime256v1, the SSL handshake would fail in an awful way without any helpful errors logged anywhere. The default setting in nginx has been "auto" since 1.11.0
This commit is contained in:
Bob Van Zant
GitHub
parent
37bd14dcd2
commit
045cceacac
1 changed files with 1 additions and 1 deletions
|
|
@ -411,7 +411,7 @@ func NewDefault() Configuration {
|
||||||
ShowServerTokens: true,
|
ShowServerTokens: true,
|
||||||
SSLBufferSize: sslBufferSize,
|
SSLBufferSize: sslBufferSize,
|
||||||
SSLCiphers: sslCiphers,
|
SSLCiphers: sslCiphers,
|
||||||
SSLECDHCurve: "secp384r1",
|
SSLECDHCurve: "auto",
|
||||||
SSLProtocols: sslProtocols,
|
SSLProtocols: sslProtocols,
|
||||||
SSLSessionCache: true,
|
SSLSessionCache: true,
|
||||||
SSLSessionCacheSize: sslSessionCacheSize,
|
SSLSessionCacheSize: sslSessionCacheSize,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue