Support for ECC certificates?

Post by EKjellquist » Fri Mar 16, 2018 9:11 pm

Recently, Let's Encrypt rolled out their ACME v2 API which started to allow for wildcard certificates to be generated, and the client I was using offered a way to generate ECC keys rather than using RSA. I'm now using a 256-bit ECC public key certificate using ECDSA_P256 (Prime256v1) which seems to work fine for https sites in whatever browser I'm using.

I tried to switch over to this certificate in AMS and while the service started and ran, Outlook errored out and webmail was giving SSL mismatch errors, so I switched back to the RSA-based certificate I was previously using. Both certs are signed with SHA256.

An ECC 256-bit key is about as strong as a 3,072-bit RSA key, but generally more lightweight, and though RSA is still widely used, ECC is the way things seem to be going - are there any plans to support ECC certs or newer encryption algorithms like ECDSA that are equivalent to ECDH x25519?
EKjellquist
 
Posts: 89
Joined: Tue Sep 09, 2014 10:40 pm

Re: Support for ECC certificates?

Post by Code Crafters » Wed Mar 28, 2018 3:22 pm

We'll look into ECC certificates but for now only RSA Base64 encoded X509 certificates are supported. These still use 2048 bit public key encryption. We will also be looking into supporting TLS v1.3.
Code Crafters
 
Posts: 933
Joined: Mon Sep 10, 2007 2:35 pm
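
Added example, not part of the thread and not Code Crafters' code: a pre-deployment check that reads a Base64 (PEM) X.509 certificate and reports whether its public key is RSA or EC, so an ECDSA certificate is caught before it is installed on a server that accepts only RSA. The function names and the constructed skeleton certificates (correct field order, no real key or signature) are assumptions made for illustration.

```python
import base64

KEY_OIDS = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC"}
RSA_OID = bytes.fromhex("2a864886f70d010101")   # rsaEncryption, DER content bytes
EC_OID = bytes.fromhex("2a8648ce3d0201")        # id-ecPublicKey, DER content bytes

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):
    """Turn DER OID content bytes into dotted-decimal text."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_key_type(pem):
    """Return 'RSA', 'EC', or the raw OID of the certificate's public key."""
    der = base64.b64decode("".join(l.strip() for l in pem.splitlines() if "-----" not in l))
    _, pos, _ = read_tlv(der, 0)       # Certificate
    _, pos, _ = read_tlv(der, pos)     # tbsCertificate
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos  # optional [0] version (absent in v1 certs)
    for _field in range(5):            # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)     # subjectPublicKeyInfo
    _, pos, _ = read_tlv(der, pos)     # AlgorithmIdentifier
    _, start, end = read_tlv(der, pos) # algorithm OID
    oid = decode_oid(der[start:end])
    return KEY_OIDS.get(oid, oid)

def _tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body   # short-form lengths only

def constructed_pem(oid_body):
    """CONSTRUCTED skeleton: real field order, empty names, no key or signature."""
    spki = _tlv(0x30, _tlv(0x30, _tlv(0x06, oid_body)) + _tlv(0x03, b"\x00"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30) * 4 + spki)
    der = _tlv(0x30, tbs + _tlv(0x30) + _tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

`cert_key_type` works on the text of any PEM certificate file; a result other than `RSA` means the certificate falls outside what the reply above says is currently supported.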

