From ebfa37be7bd2a5bdaa4e06edaac6626c1130cb74 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sun, 29 Jun 2025 01:48:30 +0000
Subject: [PATCH] feat(nginx): enable secp256r1 ECDH curve

secp256r1 is mandated by IETF RFC8446 section 9.1; use it as a fallback
for X5519, despite it likely never being used.
---
 xb-00-01/nginx/website.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xb-00-01/nginx/website.conf b/xb-00-01/nginx/website.conf
index fc070ad..78b6c5e 100644
--- a/xb-00-01/nginx/website.conf
+++ b/xb-00-01/nginx/website.conf
@@ -1,6 +1,6 @@
 # Inferencium - xb-00-01
 # Nginx - Configuration - Website
-# Version: 10.0.0-alpha.9
+# Version: 10.0.0-alpha.10
 
 # Copyright 2022 Jake Winters
 # SPDX-License-Identifier: BSD-3-Clause
@@ -50,7 +50,7 @@ server {
 		ssl_conf_command Ciphersuites			"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
 		ssl_conf_command Options				PrioritizeChaCha;
 		ssl_prefer_server_ciphers				on;
-		ssl_ecdh_curve							X25519;
+		ssl_ecdh_curve							X25519:secp256r1;
 		ssl_stapling							on;
 		ssl_stapling_verify						on;
 		ssl_session_timeout						1d;