Can I use ECDSA certificates? #1716

Open
thijzert opened this Issue Jul 9, 2015 · 9 comments

thijzert commented Jul 9, 2015

I know it may be a bit out of place here, but I'd really like to know what browsers I'd be leaving behind if I were to deploy an ECDSA-only HTTPS site.

A cursory glance in SSLLabs [1] indicates I may be leaving some old versions of IE behind. However, their browser repository is neither as complete nor as accessible as caniuse.com.

@coolaj86

+1

as-com commented Dec 28, 2015

+1

@yuanyuanlife

+1

kornelski commented May 20, 2016

Here's a test URL using this type of certificate:

https://ecdsa.scotthelme.co.uk/

alexanderkjeldaas commented Aug 8, 2016

Also relevant to gauge the efficiency of setting up dual ssl in nginx backed by letsencrypt.

Calico90 commented Apr 20, 2017

+1

Bisaloo commented Aug 27, 2017

+1

thijzert commented Aug 30, 2017

Actually, in the two years since I submitted this issue I've learned that if it were up to browsers, everyone would switch to ECDSA yesterday. However, the bottleneck in this scenario is corporate firewalls that MitM (decrypt and re-encrypt) all network traffic. If those devices aren't aware of ECDSA, the connection fails regardless of browser version. This is much harder to measure, unfortunately.

If we include it in this list, one could get the false sense of security that an ECDSA-only site can be reached by ~98% of all browsers, but in reality, depending on your target audience, you're only available to e.g. ~70% of your customers.

dylmye commented Feb 18, 2018

This issue has been open for a long time. I also want to add that TLS 1.2 isn't supported. Any update?
