Mercurial > hg > nginx-site
diff xml/en/docs/stream/ngx_stream_ssl_module.xml @ 1711:38fb3e6b71e8
Documented ssl_ecdh_curve changes in 1.11.0.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 27 May 2016 19:05:15 +0300 |
| parents | 6f5497797cde |
| children | a0bc284941f6 |
line wrap: on
line diff
--- a/xml/en/docs/stream/ngx_stream_ssl_module.xml +++ b/xml/en/docs/stream/ngx_stream_ssl_module.xml @@ -9,7 +9,7 @@ <module name="Module ngx_stream_ssl_module" link="/en/docs/stream/ngx_stream_ssl_module.html" lang="en" - rev="6"> + rev="7"> <section id="summary"> @@ -154,7 +154,7 @@ Specifies a <value>file</value> with DH <directive name="ssl_ecdh_curve"> <syntax><value>curve</value></syntax> -<default>prime256v1</default> +<default>auto</default> <context>stream</context> <context>server</context> @@ -162,6 +162,27 @@ Specifies a <value>file</value> with DH Specifies a <value>curve</value> for ECDHE ciphers. </para> +<para> +When using OpenSSL 1.0.2 or higher, +it is possible to specify multiple curves (1.11.0), for example: +<example> +ssl_ecdh_curve prime256v1:secp384r1; +</example> +</para> + +<para> +The special value <literal>auto</literal> (1.11.0) instructs nginx to use +a list built into the OpenSSL library when using OpenSSL 1.0.2 or higher, +or <literal>prime256v1</literal> with older versions. +</para> + +<para> +<note> +Prior to version 1.11.0, +the <literal>prime256v1</literal> curve was used by default. +</note> +</para> + </directive>