Secp521r1 removed from 1.4.6

Hi, it seems that secp521r1 has been removed from 1.4.6. Trying to use it in
ssl_ecdh_curve doesn't work, but it worked in 1.4.5.

Was this just a mistake or is there a reason why it has been removed?

Thanks.


Hello!

On Thu, Mar 13, 2014 at 11:43:37AM -0400, nginxu14 wrote:

> Hi, it seems that secp521r1 has been removed from 1.4.6. Trying to use it in
> ssl_ecdh_curve doesn't work, but it worked in 1.4.5.
>
> Was this just a mistake or is there a reason why it has been removed?

It wasn't - nginx just uses what's available from your OpenSSL library. Use

$ openssl ecparam -list_curves

to find out which curves are supported by OpenSSL library on your
host.

As long as you are using CentOS 6, likely you’ve hit something
similar to what’s described in this ticket:

http://trac.nginx.org/nginx/ticket/515

I.e., the ssl_ecdh_curve directive is now actually used and the
value is rejected as not supported by OpenSSL on your host, rather
than being ignored.


Maxim D.
http://nginx.org/

Sorry for wasting your time, you are correct: secp521r1 isn't there when I run
the command.

I'm guessing that secp256r1 isn't in the list because it's just the default
one. Just using the default settings and not setting a curve uses secp256r1,
and secp384r1 works by setting it in ssl_ecdh_curve.

I like CentOS, it's the only OS I use for servers, but this kind of thing
annoys me about CentOS because it's waiting for Red Hat to enable secp521r1.
I don't have the need for it but it would be nice to have the option.

Looking at this: 1021897 – Enable curve secp521r1, it is coming but not sure
when.

Thanks very much for your help.


On 14.03.2014, at 10:02, Maxim D. [email protected] wrote:

> Note well that this link correctly points out that secp521r1 isn't
> supported by IE (yet?), so its use isn't a good idea from a
> compatibility point of view, too.
IE is the odd one out when it comes to ECC curves support. All other
browsers I’ve checked do support secp521r1 (and secp384r1/secp256r1).

We’re recommending to use secp384r1 in our Applied Crypto Hardening[0]
guide IF you decide to use ECC with NIST curves. If you want to provide
forward secrecy to IE users you need to use ECC (ECDHE) since IE (again)
is the only browser (I know of) to not support DHE.

Instead of removing curves we would actually need support for
curve_lists since OpenSSL does support this if a list is passed by an
application linked against it. This would open the chance to support
better curves[1] with nothing-up-your-sleeve numbers with a fallback to
NIST curves. IMHO this could really help with the old chicken-and-egg
problem of server vs. client support.

Best regards
MacLemon

Full disclosure: I’m a co-author of Applied crypto hardening.
[0]: https://bettercrypto.org/
[1]: http://safecurves.cr.yp.to/
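Both Maxim's advice (run `openssl ecparam -list_curves` and compare against what you put in ssl_ecdh_curve, since nginx now rejects a curve OpenSSL does not know) and MacLemon's point about curve lists suggest a small pre-flight check. The script below is an added example, not code from the thread or from nginx: it validates every curve named in an ssl_ecdh_curve value against the host OpenSSL's curve list before you reload, and also understands the colon-separated list form that later nginx releases (1.11.0 and newer, built against OpenSSL 1.0.2 or newer) accept. The curve list embedded in SAMPLE_CURVE_LIST is constructed to resemble a CentOS 6 build without secp521r1; the real check uses the host's openssl. The only alias it knows is that nginx users write secp256r1 for the curve OpenSSL lists as prime256v1.

```shell
#!/bin/sh
# Added example: check the curves named in an nginx ssl_ecdh_curve value
# against the curves the local OpenSSL build actually offers.

# Constructed sample of "openssl ecparam -list_curves" output, modelled on
# an OpenSSL build that lacks secp521r1 (as on CentOS 6 at the time).
# The real list is fetched by check_curves_on_host below.
SAMPLE_CURVE_LIST="  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  secp224r1 : NIST/SECG curve over a 224 bit prime field"

# secp256r1 and prime256v1 are the same curve; OpenSSL lists the latter.
canonical_curve() {
  case "$1" in
    secp256r1) echo prime256v1 ;;
    *) echo "$1" ;;
  esac
}

# Extract only the curve names (the text before the colon) from
# -list_curves output read on stdin.
curve_names() {
  sed -n 's/^[[:space:]]*\([A-Za-z0-9_-]*\)[[:space:]]*:.*/\1/p'
}

# check_curves LIST VALUE
#   LIST  - text as printed by "openssl ecparam -list_curves"
#   VALUE - the ssl_ecdh_curve value: one curve, or a colon-separated list
# Prints one line per requested curve; returns 1 if any curve is missing,
# which is exactly the case where nginx would refuse the configuration.
check_curves() {
  list="$1"; value="$2"; rc=0
  names=$(printf '%s\n' "$list" | curve_names)
  oldifs=$IFS; IFS=:
  for c in $value; do
    IFS=$oldifs
    canon=$(canonical_curve "$c")
    if printf '%s\n' "$names" | grep -qx "$canon"; then
      echo "ok      $c"
    else
      echo "missing $c (not in OpenSSL's curve list)"
      rc=1
    fi
  done
  IFS=$oldifs
  return $rc
}

# Run the check against the OpenSSL library on this host.
check_curves_on_host() {
  check_curves "$(openssl ecparam -list_curves)" "$1"
}

# Usage: ./check_curve.sh secp521r1
#        ./check_curve.sh secp384r1:secp256r1
if [ "$#" -gt 0 ]; then
  check_curves_on_host "$1"
fi
```

Run it with the exact string you intend to put in ssl_ecdh_curve; a non-zero exit means at least one curve will be rejected by this OpenSSL build, and the per-curve lines tell you which one so you can drop it or pick a fallback such as secp384r1.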

Hello!

On Thu, Mar 13, 2014 at 03:04:11PM -0400, nginxu14 wrote:

> Sorry for wasting your time, you are correct: secp521r1 isn't there when I run
> the command.
>
> I'm guessing that secp256r1 isn't in the list because it's just the default
> one. Just using the default settings and not setting a curve uses secp256r1,
> and secp384r1 works by setting it in ssl_ecdh_curve.

Secp256r1 and prime256v1 are just different names of the same
curve. (And yes, it’s used by default.)

> I like CentOS, it's the only OS I use for servers, but this kind of thing
> annoys me about CentOS because it's waiting for Red Hat to enable secp521r1.
> I don't have the need for it but it would be nice to have the option.

256 bit ECC is believed to be equivalent to 3096 bit RSA, and 521
bit ECC - to 16384 bit RSA. So in case of https, unless you are
using 16384 bit RSA certificates, use of secp521r1 is mostly
pointless and just wastes CPU cycles.

> Looking at this: 1021897 – Enable curve secp521r1, it is coming but not sure
> when.

Note well that this link correctly points out that secp521r1 isn't
supported by IE (yet?), so its use isn't a good idea from a
compatibility point of view, too.


Maxim D.
http://nginx.org/

Yeah, I think MS just loves being crap and doing things wrong. Same from my
testing and research: I've seen all browsers except MS support both DHE and
secp521r1.

I've heard of support for a list of curves and then the best supported is
used, but I'm not sure if browsers actually support this yet.


For me it's just about having the option. I know secp521r1 is coming from Red
Hat. In the same link a member of staff says they got the go-ahead from Legal.
I read somewhere the problem is because it's patented and Red Hat don't want
to risk it. Hopefully in the next few months it's enabled/added.
