$ssl_curve
The $ssl_curve variable returns the name of the elliptic curve used for SSL/TLS connections. — NGINX Core (HTTP)
Description
The $ssl_curve variable exposes the elliptic curve used to establish an SSL/TLS connection. It applies only to SSL connections and is set once the SSL handshake has completed successfully. Its value depends on the curve negotiated between the client and the server during the handshake. Common values include 'P-256', 'P-384', 'P-521', and others as specified by the server's SSL/TLS configuration.

The value of $ssl_curve is particularly useful for logging or conditional access control within your NGINX configuration. It shows administrators which curves are actually in use, which matters for performance considerations or security compliance needs.

This variable is only valid in contexts where SSL is active; do not use it outside an SSL-enabled server block or a location handling secure traffic. Using $ssl_curve well requires an understanding of the SSL/TLS protocols and of the significance of the elliptic curve chosen for cryptographic operations, especially as security guidance evolves.
Config Example
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    location / {
        add_header X-Ssl-Curve $ssl_curve;
        # Other location directives
    }
}
Subsystem
http
Cacheable
Yes
Contexts
http, server, location, if
Ensure SSL is enabled in the server block; otherwise, this variable will not be set.
Be mindful of the security implications of exposing elliptic curve information in headers: it can leak information about the cipher suite in use.
This variable may not be available in all builds of NGINX; ensure your build includes the necessary modules.
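The configuration below is an added example, not part of the original page or of the NGINX documentation. It covers the logging and conditional access control uses named in the description while keeping the curve out of response headers. The log format name tls, the $curve_policy variable, the log path and the allowlist are assumptions.

```nginx
# Added example; "tls", $curve_policy, the log path and the allowlist
# are assumptions. log_format and map belong in the http {} context.

# Record the negotiated curve server-side instead of sending it to clients.
log_format tls '$remote_addr [$time_local] "$request" $status '
               'proto=$ssl_protocol cipher=$ssl_cipher curve=$ssl_curve';

# Classify each connection by its negotiated curve. OpenSSL reports short
# names such as prime256v1, so those are listed next to the spellings
# given on this page.
map $ssl_curve $curve_policy {
    default      "deny";      # any curve not allowlisted below
    ""           "unknown";   # no curve reported for this connection
    "X25519"     "allow";
    "prime256v1" "allow";
    "P-256"      "allow";
    "secp384r1"  "allow";
    "P-384"      "allow";
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    # Limit what the server will negotiate in the first place.
    ssl_ecdh_curve X25519:prime256v1:secp384r1;

    # One line per request, including curve=<name> for later auditing.
    access_log /var/log/nginx/tls.log tls;

    location / {
        # Refuse requests on connections that negotiated an off-policy curve.
        if ($curve_policy = "deny") {
            return 403;
        }
        # Other location directives
    }
}
```

Connections where the variable is empty are labelled "unknown" rather than denied, so a build that does not populate $ssl_curve does not lock every client out.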