我在 Debian 8 上使用nginx 1.11.7,Openssl 1.1.0c并拥有一个带有 384 位密钥的自签名 ecc 证书,用于测试目的。
我想要使用曲线 X25519、secp384r1 和 secp256r1。
Nginx 正常启动,在 nginx 配置中启用 X25519 和 secp384r1:
ssl_ecdh_curve X25519:secp384r1;,
但使用 secp256r1 时拒绝重新启动/重新加载:
ssl_ecdh_curve secp256r1;
错误信息:SSL_CTX_set1_curves_list("secp256r1") failed (SSL:)。
那么,如何才能将 secp256r1 曲线与上述设置结合使用呢?
答案1
事实证明 P-256 已从列表中删除。
看:
Why Is TLS 1.3 an advancement over TLS 1.2 or 1.1?
TLS 1.3 removes support for known insecure ciphers such as RC4, DES, 3DES and export grade ciphers as well older hashing algorithms e.g. SHA-1 and MD5. These are welcome changes that should help to reduce the possibility of further vulnerabilities such as SWEET32 and FREAK being present within the code of TLS libraries e.g. OpenSSL.
This reduces the attack surface (defined within the second paragraph of this blog post) of TLS 1.3 but the improvements don’t stop there. Cipher suites such as NIST P-256 and AES-GCM are being removed as primitives with only x25519, ChaCha20 and Poly1305 remaining developed by Dan Bernstein (who uses the handle djb).
答案2
该 nginx 版本的正确语法是:
ssl_ecdh_curve P-256;