Elliptic-curve cryptography for TLS certificates still not quite usable

Today I tried to just chose a elliptic curve for my TLS certifcate which I thought to be suitable, but was very disappointed about the browser support for those curves. I generated a key with a 521 bit curve but realized afterwards that browsers like M$ ones and chromium (wtf?) only support two curves recommended by the NSA.

Okay, sorry, I don’t really care what the NSA recommends, but I can’t put some major browsers before the doorstep. Well, so I reverted back to the 4096bit RSA key, because of the wide adoption.

Maybe I’ll provide a key with P-384 later on.

You know, you’re thinking about some future proof solution, at least for some years, but you’re stopped by slow technology adoption… quite disappointing.

At least I still got my A+ on ssllabs.com:

https://www.ssllabs.com/ssltest/analyze.html?d=mmo.to

Some links:

Why is elliptic curve cryptography not widely used, compared to RSA?
Command Line Elliptic Curve Operations
How do I create an ECDSA certificate with the OpenSSL command-line
StartCom/startssl.com
- Where I get my certificates.

mmo.to

Programming is like magic. You write very specific instructions in arcane languages to invoke commands and if you get it even a little bit wrong you risk unleashing daemons and destroying everything.

Elliptic-curve cryptography for TLS certificates still not quite usable

Related

Share this:

Related