Support for ECC certificates?

[EKjellquist]

Recently, Let's Encrypt rolled out their ACME v2 API which started to allow for wildcard certificates to be generated, and the client I was using offered a way to generate ECC keys rather than using RSA. I'm now using a 256-bit ECC public key certificate using ECDSA_P256 (Prime256v1) which seems to work fine for https sites in whatever browser I'm using.

I tried to switch over to this certificate in AMS and while the service started and ran, Outlook errored out and webmail was giving SSL mismatch errors, so I switched back to the RSA-based certificate I was previously using. Both certs are signed with SHA256.

an ECC 256-bit key is about as strong as a 3,072-bit RSA key, but generally more lightweight, and though RSA is still widely used, ECC is the way things seem to be going - are there any plans to support ECC certs or newer encryption algorithms like ECDSA that are equivalent to ECDH x25519?

[Code Crafters]

We'll look into ECC certificates but for now only RSA Base64 encoded X509 certificates are supported. These still use 2048 bit public key encryption. We will also be looking into supporting TLS v1.3.