
Support for ECC certificates?

Posted: Fri Mar 16, 2018 9:11 pm
by EKjellquist
Recently, Let's Encrypt rolled out their ACME v2 API which started to allow for wildcard certificates to be generated, and the client I was using offered a way to generate ECC keys rather than using RSA. I'm now using a 256-bit ECC public key certificate using ECDSA_P256 (Prime256v1) which seems to work fine for https sites in whatever browser I'm using.

I tried to switch over to this certificate in AMS and while the service started and ran, Outlook errored out and webmail was giving SSL mismatch errors, so I switched back to the RSA-based certificate I was previously using. Both certs are signed with SHA256.

An ECC 256-bit key is about as strong as a 3,072-bit RSA key, but generally more lightweight, and though RSA is still widely used, ECC is the way things seem to be going - are there any plans to support ECC certs or newer encryption algorithms like ECDSA that are equivalent to ECDH x25519?

Re: Support for ECC certificates?

Posted: Wed Mar 28, 2018 3:22 pm
by Code Crafters
We'll look into ECC certificates but for now only RSA Base64-encoded X509 certificates are supported. These still use 2048-bit public key encryption. We will also be looking into supporting TLS v1.3.
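
A pre-flight check for the situation in this thread, added here as an example (it is not code from either poster or from the vendor): it reads the SubjectPublicKeyInfo algorithm OID from a PEM certificate so an ECC certificate can be caught before it is installed in a server that only accepts RSA. The function names are hypothetical and the two samples are constructed skeletons with dummy names, key bits and signature, not valid certificates.

```python
import base64

# SubjectPublicKeyInfo algorithm OIDs as DER content bytes (RFC 3279, RFC 5480)
RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption
EC_OID = bytes.fromhex("2a8648ce3d0201")        # 1.2.840.10045.2.1 id-ecPublicKey
KEY_ALGS = {RSA_OID: "RSA", EC_OID: "EC"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def public_key_algorithm(pem):
    """Name the key algorithm of a PEM certificate from its SubjectPublicKeyInfo OID."""
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    der = base64.b64decode(body)
    _, pos, _ = read_tlv(der, 0)            # Certificate
    _, pos, _ = read_tlv(der, pos)          # TBSCertificate
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _ in range(5):                      # serial, signature, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)          # SubjectPublicKeyInfo
    _, pos, _ = read_tlv(der, pos)          # AlgorithmIdentifier
    _, start, end = read_tlv(der, pos)      # algorithm OID
    return KEY_ALGS.get(der[start:end], "other")

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(alg_oid, key_len):
    """Constructed certificate skeleton: real layout, dummy names, key and signature."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    spki = seq(seq(tlv(0x06, alg_oid)), tlv(0x03, bytes(key_len)))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"),
              seq(), seq(), seq(), seq(), spki)
    der = seq(tbs, seq(), tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, pem in (("rsa.pem", sample_cert(RSA_OID, 271)), ("ecc.pem", sample_cert(EC_OID, 66))):
        alg = public_key_algorithm(pem)
        print(name, alg, "ok for an RSA-only server" if alg == "RSA" else "rejected")
```

The check looks only at the key type; it does not validate the chain, the signature or the key size.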