ssl_ecdh_curve

Syntax:	`ssl_ecdh_curve curve;`
Default:	`ssl_ecdh_curve auto;`
Context:	`mail`, `server`

This directive appeared in versions 1.1.0 and 1.0.6.

Specifies a curve for ECDHE ciphers.

When using OpenSSL 1.0.2 or higher, it is possible to specify multiple curves (1.11.0), for example:

1	`ssl_ecdh_curve prime256v1:secp384r1;`

The special value auto (1.11.0) instructs nginx to use a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, or prime256v1 with older versions.

Prior to version 1.11.0, the prime256v1 curve was used by default.

Links:

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_ecdh_curve

doc_nginx

2025-01-10 15:47:30

Comments

Popular Articles

ssl_ecdh_curve Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: http, server This directive appeared in versions 1.1.0 and 1.0.6.

ssl_ecdh_curve Syntax: ssl_ecdh_curve curve; Default: ssl_ecdh_curve auto; Context: stream, server Specifies a curve for ECDHE ciphers. When using Op

ssl.SSLContext.set_ecdh_curve() SSLContext.set_ecdh_curve(curve_name) Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) key exchange. ECDH is significantly faster

ECDH Class: ECDH The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges. Instances of the ECDH class can be created

ecdh.generateKeys() ecdh.generateKeys([encoding[, format]]) Generates private and public EC Diffie-Hellman key values, and returns the public key in the specified format