<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div dir="auto">
<div dir="auto">This isnt an nginx question.  Ask chromium developers why they chose that approach.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div id="x_composer_signature" dir="auto">
<div dir="auto" style="font-size:12px; color:#575757">Sent from my Galaxy</div>
</div>
<div dir="auto"><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message --------</div>
<div>From: wordlesswind via nginx <nginx@nginx.org> </div>
<div>Date: 5/21/22 14:56 (GMT-05:00) </div>
<div>To: nginx@nginx.org </div>
<div>Cc: wordlesswind <i@qingly.me> </div>
<div>Subject: Why do newer versions of Chromium favor RSA certificates over ECC certificates?
</div>
<div><br>
</div>
</div>
<font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hello,<br>
<br>
<br>
I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSA <br>
certificates over ECC certificates.<br>
<br>
<br>
Windows x86-64:<br>
<br>
<a href="https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/">https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/</a><br>
<br>
<a href="https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/">https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/</a><br>
<br>
<br>
I don't get the idea from the changes in the source code. I'm curious to <br>
know why, since obviously ECC certificates are smaller than RSA <br>
certificates.<br>
<br>
<br>
Let’s Encrypt<br>
<br>
ECC 384 (E1)<br>
<br>
RSA 4096 (R3)<br>
<br>
nginx.conf:<br>
         ssl_stapling         on;<br>
         resolver             8.8.8.8 1.1.1.1 valid=300s;<br>
         ssl_stapling_verify  on;<br>
<br>
         ssl_session_cache    shared:SSL:10m;<br>
         ssl_session_timeout  1d;<br>
<br>
         ssl_protocols        TLSv1.2 TLSv1.3;<br>
         ssl_ciphers <br>
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;<br>
         ssl_ecdh_curve       secp384r1;<br>
<br>
         ssl_early_data       on;<br>
<br>
_______________________________________________<br>
nginx mailing list -- nginx@nginx.org<br>
To unsubscribe send an email to nginx-leave@nginx.org<br>
</div>
</span></font>
</body>
</html>