Main Content


Elliptic curve used for the ECDHE ciphers


--ssl-tmp-ec-param elliptic_curve_name


--ssl-tmp-ec-param elliptic_curve_name specifies the name of the elliptic curve used for the ECDHE ciphers.

Starting in R2019b, ECDHE ciphers are enabled by default. If you do not specify the elliptic curve name, ECDHE ciphers use a default elliptic curve. The default elliptic curves are in the following order: x25519, secp256r1, x448, secp521r1, secp384r1. During the SSL/TLS handshake, the client advertises the curves that it supports. Based on this client-server negotiation, one of the default curves is used to establish a secure connection for the subsequent data exchange.

For earlier releases, if this property is not specified, all ECDHE ciphers are disabled.



Name of curve. All curves supported by OpenSSL are supported.


Use the prime256v1 curve.

--ssl-tmp-ec-param prime256v1