5

I'm using nginx 1.11.7 with OpenSSL 1.1.0c on Debian 8 and have a self-signed ECC certificate with a 384-bit key for testing purposes.

I would like to use the curves X25519, secp384r1 and secp256r1.

Nginx starts normally with X25519 and secp384r1 enabled in nginx config:

ssl_ecdh_curve X25519:secp384r1;

but refuses to restart/reload when using secp256r1:

ssl_ecdh_curve secp256r1;

The error message: SSL_CTX_set1_curves_list("secp256r1") failed (SSL:).

So how am I able to use the secp256r1 curve with the setup mentioned above?

Henrik N.

2 Answers

4

Turns out P-256 has been removed from the list.

See:

Why Is TLS 1.3 an advancement over TLS 1.2 or 1.1?
TLS 1.3 removes support for known insecure ciphers such as RC4, DES, 3DES and export grade ciphers as well as older hashing algorithms e.g. SHA-1 and MD5. These are welcome changes that should help to reduce the possibility of further vulnerabilities such as SWEET32 and FREAK being present within the code of TLS libraries e.g. OpenSSL.

This reduces the attack surface (defined within the second paragraph of this blog post) of TLS 1.3 but the improvements don’t stop there. Cipher suites such as NIST P-256 and AES-GCM are being removed as primitives with only x25519, ChaCha20 and Poly1305 remaining developed by Dan Bernstein (who uses the handle djb).

From here: securityinaction.wordpress.com

Henrik N.
-1

The correct syntax for that nginx version is:

ssl_ecdh_curve P-256;
anon
  • Does not work, when I test it at dev.ssllabs.com then at the available curves, it lists only X25519 and secp384r1... – Henrik N. Jan 11 '17 at 20:28
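Both answers turn on which names OpenSSL's curve-list parser accepts, and the error in the question shows that nginx hands the directive's value straight to `SSL_CTX_set1_curves_list`. The script below is an added example, not code from either answer, from nginx or from OpenSSL: it parses an `ssl_ecdh_curve` directive and checks each name against the names OpenSSL itself reports in `openssl ecparam -list_curves`, plus the NIST aliases (P-256, P-384, P-521) that the curve-list parser resolves before OpenSSL's own short names, and X25519, which is a TLS group rather than an `ecparam` curve. The embedded `ecparam` output is a constructed, abridged sample in the real format; the alias tables and the note that SECG's secp256r1 is the curve OpenSSL calls prime256v1 are the example's own, not something nginx or OpenSSL documents on this page.

```python
"""Check an nginx ssl_ecdh_curve directive against the curve names OpenSSL knows.

Added example: the constants below are this script's own assumptions about how
OpenSSL 1.1.0 resolves names passed to SSL_CTX_set1_curves_list.
"""
import re
import shutil
import subprocess

# Constructed, abridged sample of `openssl ecparam -list_curves` output.
# The real output has the same shape (name, colon, description), one per line.
SAMPLE_LIST_CURVES = """\
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  secp521r1 : NIST/SECG curve over a 521 bit prime field
  prime192v1: NIST/X9.62/SECG curve over a 192 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
"""

# NIST aliases the curve-list parser resolves before OpenSSL's short names.
NIST_ALIASES = {"P-256": "prime256v1", "P-384": "secp384r1", "P-521": "secp521r1"}

# TLS groups accepted by SSL_CTX_set1_curves_list that are not ECDSA/ECDH
# curves and therefore never appear in `ecparam -list_curves` (OpenSSL 1.1.0).
TLS_ONLY_GROUPS = {"X25519"}

# SECG names that OpenSSL only knows under a different short name
# (secp256r1, prime256v1 and P-256 are the same curve).
SECG_EQUIVALENTS = {"secp256r1": "prime256v1", "secp192r1": "prime192v1"}


def parse_list_curves(output: str) -> set:
    """Return the set of curve names from `openssl ecparam -list_curves` output."""
    names = set()
    for line in output.splitlines():
        m = re.match(r"\s*([A-Za-z0-9-]+)\s*:", line)
        if m:
            names.add(m.group(1))
    return names


def parse_directive(directive: str) -> list:
    """Split `ssl_ecdh_curve a:b:c;` into its colon-separated group names."""
    m = re.match(r"\s*ssl_ecdh_curve\s+([^;]+);", directive)
    if not m:
        raise ValueError("not an ssl_ecdh_curve directive: %r" % directive)
    return [n for n in m.group(1).strip().split(":") if n]


def check_directive(directive: str, list_curves_output: str = SAMPLE_LIST_CURVES) -> dict:
    """Map each name in the directive to ('ok', resolved_name) or
    ('rejected', suggested_name_or_None), mirroring what the parser would do."""
    known = parse_list_curves(list_curves_output) | TLS_ONLY_GROUPS
    results = {}
    for name in parse_directive(directive):
        resolved = NIST_ALIASES.get(name, name)
        if resolved in known:
            results[name] = ("ok", resolved)
        elif name in SECG_EQUIVALENTS:
            results[name] = ("rejected", SECG_EQUIVALENTS[name])
        else:
            results[name] = ("rejected", None)
    return results


def live_list_curves() -> str:
    """Run the local `openssl ecparam -list_curves` if an openssl binary exists,
    otherwise fall back to the constructed sample above."""
    if shutil.which("openssl") is None:
        return SAMPLE_LIST_CURVES
    proc = subprocess.run(["openssl", "ecparam", "-list_curves"],
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    listing = live_list_curves()
    for directive in ("ssl_ecdh_curve X25519:secp384r1;",
                      "ssl_ecdh_curve secp256r1;",
                      "ssl_ecdh_curve P-256;"):
        print(directive)
        for name, (status, hint) in check_directive(directive, listing).items():
            if status == "ok":
                print("  %-10s accepted (resolves to %s)" % (name, hint))
            elif hint:
                print("  %-10s rejected; OpenSSL names this curve %s" % (name, hint))
            else:
                print("  %-10s rejected; not a name OpenSSL knows" % name)
```

Run it on the host where nginx is installed so that `openssl ecparam -list_curves` comes from the same OpenSSL build nginx links against; a curve that is absent from that listing (or disabled in that build) will be rejected at reload exactly as in the question's error message, regardless of how it is spelled.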