Consider adding an option for ECDSA keys #559
Comments
Thanks for opening this! To me this sounds like a good enhancement if it's provided as an option, any thoughts on how you'd incorporate that into the existing API? Also would you be willing to contribute the change if we can agree on a design?
My suggestion would be to add a

```python
from enum import Enum


class KeyType(Enum):
    RSA = 0
    ECDSA = 1
    # Can easily be extended with more keytypes or more specific keytypes, e.g.
    RSA_4096 = 2
```

I'm happy to implement this.
Are ECDSA keys universally supported? If so then we should probably also make them the default, because it's effectively a free speedup. Having an optional arg to
Browsers have wide support according to https://developers.cloudflare.com/ssl/reference/browser-compatibility/:
I haven't been able to figure out when OpenSSL introduced support for that specific key for certificates and I'm not sure what else we need to check. I'm also happy to make this the default if we find that support is good.
Given this Stack Overflow question was posted in 2012, ECDSA certs have been supported in OpenSSL since at least version 1.0.1. I think it is fine in that case to switch to ECDSA certs.
ECDSA keys can be generated much faster.
Benchmarks
Benchmarks of the tests using `hyperfine`:
RSA
ECDSA (using secp521r1)
For these last results, startup time becomes relevant, as `pytest` reports ~0.55s
Diff for the ECDSA benchmarks
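As an added example (not code from the issue or from the project), the sketch below times key generation for both key types with the `cryptography` package and self-signs a short-lived test CA from either. The `KeyType` enum follows the suggestion in the comments; the 2048-bit RSA size, the function names and the certificate subject are assumptions.

```python
import datetime
import statistics
import time
from enum import Enum

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, rsa
from cryptography.x509.oid import NameOID


class KeyType(Enum):  # enum suggested in the thread
    RSA = 0
    ECDSA = 1


def generate_key(key_type):
    if key_type is KeyType.RSA:
        # Assumption: 2048-bit RSA; the issue does not state the key size.
        return rsa.generate_private_key(public_exponent=65537, key_size=2048)
    # secp521r1 is the curve named in the issue's benchmark.
    return ec.generate_private_key(ec.SECP521R1())


def issue_test_ca(key_type):
    """Self-sign a one-day CA certificate (constructed subject name)."""
    key = generate_key(key_type)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed test CA")])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )


def median_keygen_seconds(key_type, runs=5):
    """Median wall-clock time of `runs` key generations, in seconds."""
    samples = []
    for _ in range(runs):
        start = time.perf_counter()
        generate_key(key_type)
        samples.append(time.perf_counter() - start)
    return statistics.median(samples)
```

The issue's benchmark used secp521r1; P-256 and P-384 are the curves most widely accepted by TLS clients, so the curve choice is worth checking alongside OpenSSL support.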