From 190669228936aafa538bd80fe91229d595e30724 Mon Sep 17 00:00:00 2001
From: liberodark
Date: Tue, 27 Nov 2018 18:30:39 +0100
Subject: [PATCH] Remove ECDH curve or change it ? (#579) Update ECDH curves recommended by Mozilla, now that we are on stretch
---
 data/templates/nginx/server.tpl.conf | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index db42a8e65..464639952 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -30,12 +30,7 @@ server {
 ssl_session_cache shared:SSL:50m;
 # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
- # (this doesn't work on jessie though ...?)
- # ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
-
- # As suggested by https://cipherli.st/
- ssl_ecdh_curve secp384r1;
-
+ ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
 # Ciphers with intermediate compatibility
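Review bot: The colon-separated list on the new `ssl_ecdh_curve` line is only accepted by nginx 1.11.0 or later built against OpenSSL 1.0.2+; an older nginx reads the whole string as a single curve name and refuses to load the configuration. The commit message's "now that we are on stretch" should therefore be checked against the nginx actually packaged there, by running `nginx -t` on a rendered template before this ships. The list also puts secp521r1 first, and with `ssl_prefer_server_ciphers on` OpenSSL likely applies the server's order to curve selection, so every client offering P-521 negotiates the most expensive curve; `ssl_ecdh_curve prime256v1:secp384r1:secp521r1;` keeps the same set with the cheaper curves preferred. The kept comment still links to Curve25519 although X25519 is not in the list, so either add it where the OpenSSL build supports it or drop the link. The `server` block starts and ends outside the hunk.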