DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use nginx default value for SSLECDHCurve

Browse source 
This configuration setting permits nginx to auto discover supported curves based on what openssl was compiled with. With the old default of secp384r1 if you attempted to use a key from a different curve, for example prime256v1, the SSL handshake would fail in an awful way without any helpful errors logged anywhere.

The default setting in nginx has been "auto" since 1.11.0
This commit is contained in:
Bob Van Zant 2017-09-21 11:56:52 -07:00 committed by GitHub
parent 3c9e6beca5
commit b01fb760a5
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
controllers/nginx/pkg/config/config.go
View file

@ -411,7 +411,7 @@ func NewDefault() Configuration {
ShowServerTokens: true,
SSLBufferSize: sslBufferSize,
SSLCiphers: sslCiphers,
SSLECDHCurve: "secp384r1",
SSLECDHCurve: "auto",
SSLProtocols: sslProtocols,
SSLSessionCache: true,
SSLSessionCacheSize: sslSessionCacheSize,