From cdb1d6b4628db0c8c4482ad466bd481d3fa6a65b Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 8 Oct 2016 11:44:03 +0900
Subject: [PATCH] nghttpx: Add P-384 and P-521 to the default of --ecdh-curves
 option

---
 src/shrpx.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shrpx.cc b/src/shrpx.cc
index bb270b6f..9ccd28c0 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1323,9 +1323,9 @@ void fill_default_config(Config *config) {
 
   tlsconf.session_timeout = std::chrono::hours(12);
 #if OPENSSL_1_1_API
-  tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256");
+  tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256:P-384:P-521");
 #else  // !OPENSSL_1_1_API
-  tlsconf.ecdh_curves = StringRef::from_lit("P-256");
+  tlsconf.ecdh_curves = StringRef::from_lit("P-256:P-384:P-521");
 #endif // !OPENSSL_1_1_API
 
   auto &httpconf = config->http;