If you use TLS 1.3 you should enable prime256v1 signature algorithm. Without this SSL Lab reports TLS_AES_128_GCM_SHA256 (0x1301) signature as weak. If you do not set ssh_ecdh_curve, then the NGINX will use its default settings, e.g. Chrome will p...
Without this SSL Lab reports TLS_AES_128_GCM_SHA256 (0x1301) signature as weak. If you do not set ssh_ecdh_curve, then the NGINX will use its default settings, e.g. Chrome will prefer x25519, but this is not recommended because you can not control the NGINX's default settings (...