nginx具有384bit Ecc证书和openssl，但曲线secp256r1不能使用。

Question

我在Debian 8上使用nginx 1.11.7和Openssl 1.1.0c，并有一个具有384位密钥的自签名ecc证书用于测试目的。

我想用曲线X25519，secp384r1和secp256r1。

Nginx通常在nginx中启用X25519和secp384r1：

ssl_ecdh_curve X25519:secp384r1;，

但在使用secp256r1时拒绝重新启动/重新加载：

ssl_ecdh_curve secp256r1;

错误消息：SSL_CTX_set1_curves_list("secp256r1") failed (SSL:)。

那么，我如何能够使用上述设置的secp256r1曲线呢？

Answer 1

原来P-256已经从名单上删除了。

请参见：

Why Is TLS 1.3 an advancement over TLS 1.2 or 1.1?
TLS 1.3 removes support for known insecure ciphers such as RC4, DES, 3DES and export grade ciphers as well older hashing algorithms e.g. SHA-1 and MD5. These are welcome changes that should help to reduce the possibility of further vulnerabilities such as SWEET32 and FREAK being present within the code of TLS libraries e.g. OpenSSL.

This reduces the attack surface (defined within the second paragraph of this blog post) of TLS 1.3 but the improvements don’t stop there. Cipher suites such as NIST P-256 and AES-GCM are being removed as primitives with only x25519, ChaCha20 and Poly1305 remaining developed by Dan Bernstein (who uses the handle djb).

出发地：securityinaction.wordpress.com

Answer 2

该nginx版本的正确语法是：

ssl_ecdh_curve P-256;