commit | a02e99fb64a158aa9a762b0ab78f9ccef40c6372 | [log] [tgz] |
---|---|---|
author | Oleksandr Shyshko <oshyshko@mirantis.com> | Mon Jun 03 17:17:19 2019 +0300 |
committer | oshyshko <oshyshko@mirantis.com> | Tue Jun 04 08:34:38 2019 +0000 |
tree | 565214236774afbac2309484cbfcb7d40c9200ad | |
parent | 4c3c57de493b83825abfc666482791d26393331d [diff] |
Removed default Elliptic Curve Cryptography Public Key Algorithm for nginx In case `ssl_ecdh_curve` option un-defined explicitly, nginx sets option to `auto` mode. It allows auto-negotiation ECC between client and server. According to http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve It needed because chromium based browsers un-support secp521r1 Elliptic Curve Cryptography Public Key Algorithm. Related-PROD: PROD-30636 Change-Id: If19d7eedc49a119b064def0b77f1024e2add7d6a
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml index dd4f2cd..fdd95a5 100644 --- a/nginx/server/proxy/ssl.yml +++ b/nginx/server/proxy/ssl.yml
@@ -8,10 +8,6 @@ dhparam: enabled: True numbits: 2048 - ecdh_curve: - secp521r1: - name: 'secp521r1' - enabled: True prefer_server_ciphers: "on" protocols: TLSv1: