Removed default Elliptic Curve Cryptography Public Key Algorithm for nginx In case `ssl_ecdh_curve` option un-defined explicitly, nginx sets option to `auto` mode. It allows auto-negotiation ECC between client and server. According to http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve It needed because chromium based browsers un-support secp521r1 Elliptic Curve Cryptography Public Key Algorithm. Related-PROD: PROD-30636 Change-Id: If19d7eedc49a119b064def0b77f1024e2add7d6a

commit: 11013cb7b21917c0331b19bf227660bedae79ab0 [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Mon Jun 03 17:17:19 2019 +0300
committer: oshyshko <oshyshko@mirantis.com> Tue Jun 04 08:28:07 2019 +0000
tree: f504bbf071fa2e8f286632fcd7e242f8938266fa
parent: 0e8728ce86d8e09c9e0d10a1e6b28a3920f15d3f [diff]
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
index dd4f2cd..fdd95a5 100644
--- a/nginx/server/proxy/ssl.yml
+++ b/nginx/server/proxy/ssl.yml

@@ -8,10 +8,6 @@
       dhparam:
         enabled: True
         numbits: 2048
-      ecdh_curve:
-        secp521r1:
-          name: 'secp521r1'
-          enabled: True
       prefer_server_ciphers: "on"
       protocols:
         TLSv1:
commit	11013cb7b21917c0331b19bf227660bedae79ab0	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Mon Jun 03 17:17:19 2019 +0300
committer	oshyshko <oshyshko@mirantis.com>	Tue Jun 04 08:28:07 2019 +0000
tree	f504bbf071fa2e8f286632fcd7e242f8938266fa
parent	0e8728ce86d8e09c9e0d10a1e6b28a3920f15d3f [diff]