Removed default Elliptic Curve Cryptography Public Key Algorithm for nginx In case `ssl_ecdh_curve` option un-defined explicitly, nginx sets option to `auto` mode. It allows auto-negotiation ECC between client and server. According to http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve It needed because chromium based browsers un-support secp521r1 Elliptic Curve Cryptography Public Key Algorithm. Related-PROD: PROD-30636 Change-Id: If19d7eedc49a119b064def0b77f1024e2add7d6a

commit: a02e99fb64a158aa9a762b0ab78f9ccef40c6372 [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Mon Jun 03 17:17:19 2019 +0300
committer: oshyshko <oshyshko@mirantis.com> Tue Jun 04 08:34:38 2019 +0000
tree: 565214236774afbac2309484cbfcb7d40c9200ad
parent: 4c3c57de493b83825abfc666482791d26393331d [diff]
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
index dd4f2cd..fdd95a5 100644
--- a/nginx/server/proxy/ssl.yml
+++ b/nginx/server/proxy/ssl.yml

@@ -8,10 +8,6 @@
       dhparam:
         enabled: True
         numbits: 2048
-      ecdh_curve:
-        secp521r1:
-          name: 'secp521r1'
-          enabled: True
       prefer_server_ciphers: "on"
       protocols:
         TLSv1:
commit	a02e99fb64a158aa9a762b0ab78f9ccef40c6372	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Mon Jun 03 17:17:19 2019 +0300
committer	oshyshko <oshyshko@mirantis.com>	Tue Jun 04 08:34:38 2019 +0000
tree	565214236774afbac2309484cbfcb7d40c9200ad
parent	4c3c57de493b83825abfc666482791d26393331d [diff]