Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_ssl_module.xml @ 1711:38fb3e6b71e8
Documented ssl_ecdh_curve changes in 1.11.0.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 27 May 2016 19:05:15 +0300 |
parents | 6f5497797cde |
children | 67b5aac350e4 |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_ssl_module.xml +++ b/xml/en/docs/http/ngx_http_ssl_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_ssl_module" link="/en/docs/http/ngx_http_ssl_module.html" lang="en" - rev="20"> + rev="21"> <section id="summary"> @@ -278,7 +278,7 @@ Specifies a <value>file</value> with DH <directive name="ssl_ecdh_curve"> <syntax><value>curve</value></syntax> -<default>prime256v1</default> +<default>auto</default> <context>http</context> <context>server</context> <appeared-in>1.1.0</appeared-in> @@ -288,6 +288,27 @@ Specifies a <value>file</value> with DH Specifies a <value>curve</value> for ECDHE ciphers. </para> +<para> +When using OpenSSL 1.0.2 or higher, +it is possible to specify multiple curves (1.11.0), for example: +<example> +ssl_ecdh_curve prime256v1:secp384r1; +</example> +</para> + +<para> +The special value <literal>auto</literal> (1.11.0) instructs nginx to use +a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, +or <literal>prime256v1</literal> with older versions. +</para> + +<para> +<note> +Prior to version 1.11.0, +the <literal>prime256v1</literal> curve was used by default. +</note> +</para> + </directive>