nginx with 384-Bit Ecc Certificate and openssl but curve secp256r1 not usable

nginx ssl openssl

Solution 1:

Turns out P-256 has been removed from the list.

See:

Why Is TLS 1.3 an advancement over TLS 1.2 or 1.1?
TLS 1.3 removes support for known insecure ciphers such as RC4, DES, 3DES and export grade ciphers as well older hashing algorithms e.g. SHA-1 and MD5. These are welcome changes that should help to reduce the possibility of further vulnerabilities such as SWEET32 and FREAK being present within the code of TLS libraries e.g. OpenSSL.

This reduces the attack surface (defined within the second paragraph of this blog post) of TLS 1.3 but the improvements don’t stop there. Cipher suites such as NIST P-256 and AES-GCM are being removed as primitives with only x25519, ChaCha20 and Poly1305 remaining developed by Dan Bernstein (who uses the handle djb).

From here: securityinaction.wordpress.com

Related

Customize Windows8 dot1x / PEAP WiFi username per SSID
IP addresses denied in /etc/hosts.allow appear in /etc/csf/csf.deny?
How to configure a MikroTik hAP ac lite router as a Layer 2 switch?
NFS Performance issues on Oracle Linux 6.7: Shared libraries on NFS slow down system
What AWS service to avoid CORS issues with S3 static content and aws backends
How do I tell why a systemd service was started?
sftp How to get stat attributes?
Connection timed out on new AWS RDS instances - can connect to older, almost identical RDS with no issue
postfix/smtp: fatal: unknown service: smtp/tcp – but /var/spool/postfix/etc/services exists
RabbitMq Management plugin only on localhost
ssh warning: <no hostip for proxy command>
file copy using restore privilege