Im using nginx 1.11.7
with Openssl 1.1.0c
on Debian 8 and have a self signed ecc certificate with 384 Bit Key for testing purposes.
I would like to use the curves X25519, secp384r1 and secp256r1.
Nginx starts normally with X25519 and secp384r1 enabled in nginx config:
ssl_ecdh_curve X25519:secp384r1;
,
but refuses to restart/reload when using secp256r1:
ssl_ecdh_curve secp256r1;
The error message: SSL_CTX_set1_curves_list("secp256r1") failed (SSL:)
.
So how am i able to use the secp256r1 curve with the setup mentioned above?
Best Answer
Turns out P-256 has been removed from the list.
See:
From here: securityinaction.wordpress.com