Hello! On Tue, Oct 25, 2022 at 11:25:39AM -0400, wordlesswind wrote:
> I deployed ECDSA P-256 certificate issued by Let's Encrypt E1 on nginx, and > I noticed something about "ssl_ecdh_curve auto;". > > When I set ssl_protocols to "TLSv1.2 TLSv1.3", ssl_ecdh_curve has only > prime256v1. When set to TLSv1.3, x448 is missing and is the preferred order > for the server. > > As far as I know, the full list of nginx support should be x25519, x448, > secp256r1, secp384r1, secp521r1. > > So what caused the difference in "ssl_ecdh_curve auto;"? The list of curves supported with "ssl_ecdh_curve auto;" depends on the SSL library being used. In recent OpenSSL versions the list is as follows: X25519, secp256r1, X448, secp521r1, secp384r1. In BoringSSL, the list is: X25519, secp256r1, secp384r1. In LibreSSL the list is: X25519, secp256r1, secp384r1. In all cases preferred order is as set by the ssl_prefer_server_ciphers directive. In no cases I see any difference based on the SSL protocols being used (though in theory there might be some, and certainly there is a difference in testing, see below). If you see different behaviour, first of all you may want to check the SSL library you are using (shown by "nginx -V"). It might also make sense to check how do you test things. In particular, when testing with a P-256 certificate over TLSv1.2 and below it is important to include P-256 (aka prime256v1, aka secp256r1) in the client list of supported elliptic curves, or the handshake will fail even if another curve is expected to be used for ephemeral key exchange. This is, however, not needed with TLSv1.3, since signature algorithms in TLSv1.3 explicitly include elliptic curves being used. For example, the following command will be able to establish connection with TLSv1.3, but will fail with TLSv1.2 due to no P-256 in the supported curves: openssl s_client -connect 127.0.0.1:8443 -curves X448 But the following one will use X448 with both TLSv1.2 and TLSv1.3: openssl s_client -connect 127.0.0.1:8443 -curves X448:prime256v1 Hope this helps. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
