freenginx-1.27.5
A. Schulze
sca at andreasschulze.de
Thu Apr 10 20:15:06 UTC 2025
Am 10.04.25 um 07:09 schrieb Maxim Dounin:
> OTOH, you may try the following patch which tries to use
> SSL_get0_group_name() and SSL_group_to_name() if available.
>
> Note thought that it slightly changes names as seen in the
> $ssl_curve and $ssl_curves variables. In particular, with OpenSSL
> 3.5 both on the server and as a client, variables are changed
> from:
>
> $ssl_curve: 0x11ec
> $ssl_curves: 0x11ec:X25519:prime256v1:X448:secp384r1:secp521r1:ffdhe2048:ffdhe3072
>
> to the following:
>
> $ssl_curve: X25519MLKEM768
> $ssl_curves: X25519MLKEM768:x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072
>
> Note "X25519" changed to "x25519", and "prime256v1" to
> "secp256r1".
>
> Please let me know what do you think.
Hello Maxim,
the patch let freenginx use the expected names I personally prefer over hex numbers.
I don't care if I read X25519 or x25519. I also do not know a scenario, where these names matter.
But this doesn't mean, they do not exist. If the would exist, an operator may with to
decide/configure, which names nginx should use.
Andreas
More information about the nginx
mailing list