$ssl_curves

The $ssl_curves variable returns the list of elliptic curves negotiated during the SSL handshake. — NGINX Core (HTTP)

Description

$ssl_curves is an NGINX variable that contains the names of the elliptic curves negotiated for use during an SSL/TLS session. Its value is set when an SSL connection is established, and it can list multiple curves if the negotiated session supports them. Typical values might include names such as "P-256", "P-384", or "P-521", depending on the curves supported on both the server and client sides.

The variable is useful for monitoring and troubleshooting SSL/TLS connections because it gives real-time insight into the cryptographic methods being accepted and used. Administrators can use it to check that their configuration selects optimal curves and that the curve settings align with current security best practices.

The specific elliptic curves available depend on the OpenSSL library version and its configuration.

Config Example

server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location /status {
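        # Show the negotiated SSL curves for monitoring.
        # default_type sets the Content-Type of the "return" body;
        # add_header would send a second Content-Type header instead.
        default_type text/plain;
        return 200 "$ssl_curves";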
    }
}

Subsystem

http

Cacheable

Yes

Contexts

http, server, location, if

Ensure that your OpenSSL version supports the curves you wish to use; otherwise, the variable may return unexpected results.

Remember that the curves negotiated depend on both the client's and server's supported curves; a misconfiguration may lead to none being selected.
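
The check described in the two notes above, as an added example that is not part of the original page or of NGINX: a Python script that reads access-log lines carrying $ssl_curves, counts the curves seen, and lists clients whose curve list contains none of the server's curves. The log format name tls_curves, the sample lines and the server curve list are assumptions; the value is taken to be colon-separated, with curves OpenSSL cannot name shown as hex IDs (for example 0x001d), as the nginx documentation describes.

```python
import re
from collections import Counter

# Assumed nginx setup (hypothetical format name "tls_curves"):
#   log_format tls_curves '$remote_addr $ssl_protocol curves="$ssl_curves"';
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<proto>\S+) curves="(?P<curves>[^"]*)"$')

# Map OpenSSL names and TLS named-group IDs to one label per curve.
ALIASES = {
    "prime256v1": "P-256", "secp256r1": "P-256", "p-256": "P-256", "0x0017": "P-256",
    "secp384r1": "P-384", "p-384": "P-384", "0x0018": "P-384",
    "secp521r1": "P-521", "p-521": "P-521", "0x0019": "P-521",
    "x25519": "X25519", "0x001d": "X25519",
    "x448": "X448", "0x001e": "X448",
}

def parse_curves(value):
    """Split a $ssl_curves value into normalized curve labels, keeping order."""
    if value in ("", "-"):          # nginx logs an empty variable as "-"
        return []
    return [ALIASES.get(tok.lower(), tok) for tok in value.split(":") if tok]

def audit(lines, server_curves):
    """Count curves seen and list clients whose curve list misses every server curve."""
    seen, no_overlap, unparsed = Counter(), [], 0
    allowed = set(server_curves)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        curves = parse_curves(m["curves"])
        seen.update(curves)
        if curves and allowed.isdisjoint(curves):
            no_overlap.append((m["ip"], curves))
    return seen, no_overlap, unparsed

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '192.0.2.10 TLSv1.3 curves="0x001d:prime256v1:secp384r1"',
    '192.0.2.11 TLSv1.2 curves="secp521r1"',
    '192.0.2.12 TLSv1.3 curves="X25519:prime256v1"',
    '192.0.2.13 TLSv1.2 curves="-"',
    'garbage line',
]

if __name__ == "__main__":
    seen, no_overlap, unparsed = audit(SAMPLE, ["X25519", "P-256"])
    print(dict(seen), no_overlap, unparsed)
```

Pass the labels matching your own ssl_ecdh_curve setting as server_curves; lines with no recorded curve list are counted but never flagged.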