From 0154f15d95634347dd295012ebc39ed6f0f61e28 Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 20:42:57 +0200
Subject: [PATCH 01/10] [enh] ECDH Curves
---
 data/templates/nginx/server.tpl.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index ac2ff8486..5e69aeca8 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -24,6 +24,7 @@ server {
 ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
+ ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From 8c3c9e697aa584e4c5c775b7431d4e7d79e7753c Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 20:44:44 +0200
Subject: [PATCH 02/10] [enh] ECDH Curves
---
 data/templates/nginx/plain/yunohost_admin.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 156d61bd6..e293327aa 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -19,6 +19,7 @@ server {
 ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
+ ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From d73789c546383652309392103a9289097d69506f Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:21:25 +0200
Subject: [PATCH 03/10] Update server.tpl.conf
---
 data/templates/nginx/server.tpl.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 5e69aeca8..eb3c4a1d5 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
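Review bot: The colon-separated list in the added `ssl_ecdh_curve secp521r1:secp384r1:prime256v1;` is only accepted by nginx 1.11.0 or later built against OpenSSL 1.0.2 or later; older builds take a single curve name and reject the list at configuration load, which would stop the web server from starting. The same line goes into yunohost_admin.conf in PATCH 02 and is what PATCH 09 and 10 finally leave in place, and PATCH 10 names Jessie as a target, whose stock nginx and OpenSSL appear to predate those versions. Please confirm with `nginx -t` on every supported release before this lands in the shared templates, or fall back to a single curve such as `ssl_ecdh_curve secp384r1;` where the list form is not available. The `server` block starts and ends outside the hunk.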
@@ -24,6 +24,7 @@ server {
 ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
+ # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS
 ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From 15a331ec5d6286c1abcbde50ada8fa7b0451426c Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:21:44 +0200
Subject: [PATCH 04/10] Update yunohost_admin.conf
---
 data/templates/nginx/plain/yunohost_admin.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index e293327aa..e6f7d16f7 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -19,6 +19,7 @@ server {
 ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
+ # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS
 ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From f59eed7b7ed410c1b60c32377d6012c132b02623 Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:33:49 +0200
Subject: [PATCH 05/10] [enh] add X25519 curve
---
 data/templates/nginx/server.tpl.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index eb3c4a1d5..19e7d8ca6 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -24,8 +24,8 @@ server {
 ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
- # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS
- ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
+ # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
+ ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
 ssl_prefer_server_ciphers on;
From 1bb65cfdf8ac09c1dc2dda9a314e1bed4e0c9396 Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:34:23 +0200
Subject: [PATCH 06/10] [enh] add X25519 curve
---
 data/templates/nginx/plain/yunohost_admin.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index e6f7d16f7..76525aab6 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -19,8 +19,8 @@ server {
 ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
- # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS
- ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
+ # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
+ ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
 ssl_prefer_server_ciphers on;
From 3a4ac25721cffd66847d74d35bebe393030a4029 Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:40:13 +0200
Subject: [PATCH 07/10] Update yunohost_admin.conf
---
 data/templates/nginx/plain/yunohost_admin.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 76525aab6..11f5d11d2 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
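Review bot: The new list `X25519:sect571r1:secp521r1:secp384r1` drops `prime256v1`, the curve TLS clients most commonly offer, so a client that supports only P-256 is left with no shared curve and cannot complete an ECDHE handshake; PATCH 06 makes the same change in yunohost_admin.conf. `sect571r1` is a binary-field curve that does not appear to be in the Mozilla guidance the comment cites and that mainstream browsers generally do not offer, and `X25519` is only recognised by OpenSSL 1.1.0 or later. PATCH 07 to 10 walk these choices back, so squashing the series would keep any intermediate commit from shipping this list. The `server` block starts and ends outside the hunk.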
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -20,7 +20,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
 # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
- ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
+ ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From d497fd216a722154848bec10cd2d882f6095b810 Mon Sep 17 00:00:00 2001
From: frju365
Date: Sat, 28 Apr 2018 21:40:39 +0200
Subject: [PATCH 08/10] Update server.tpl.conf
---
 data/templates/nginx/server.tpl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 19e7d8ca6..421cef712 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -25,7 +25,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
 # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
- ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
+ ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From 57155c94d85ade8cdbea11490b0ec792aa8573e9 Mon Sep 17 00:00:00 2001
From: frju365
Date: Tue, 1 May 2018 17:15:55 +0200
Subject: [PATCH 09/10] [Fix] ECDH curve not compatible
---
 data/templates/nginx/plain/yunohost_admin.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 11f5d11d2..b1fb0d2ef 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -20,7 +20,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
 # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
- ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;
+ ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
From 6c07296b9f2ae617741c68eacd3e834a4bffe81c Mon Sep 17 00:00:00 2001
From: frju365
Date: Tue, 1 May 2018 17:16:27 +0200
Subject: [PATCH 10/10] =?UTF-8?q?[Fix]=C2=A0ECdH=20curve=20not=20compatibl?= =?UTF-8?q?e=20with=20Jessie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 data/templates/nginx/server.tpl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 421cef712..88296c755 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -25,7 +25,7 @@ server {
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
 # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
- ssl_ecdh_curve X25519:secp521r1:secp384r1:prime256v1;
+ ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 ssl_prefer_server_ciphers on;
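Review bot: The unchanged comment above the edited line still cites https://en.wikipedia.org/wiki/Curve25519, but after this change the list no longer contains X25519, so the comment describes a curve that is not configured; PATCH 10 leaves the same stale comment in server.tpl.conf. The hunk should update the comment to record why the curve is absent, for example `# Curves per https://wiki.mozilla.org/Security/Server_Side_TLS ; X25519 omitted because Jessie's OpenSSL does not support it`. That keeps a later maintainer from re-adding X25519 without checking the OpenSSL version on the oldest supported release.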