Why do newer versions of Chromium favor RSA certificates over ECC certificates?
wordlesswind
i at qingly.me
Sat May 21 18:55:29 UTC 2022
Hello,
I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSA
certificates over ECC certificates.
Windows x86-64:
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/
I don't get the idea from the changes in the source code. I'm curious to
know why, since obviously ECC certificates are smaller than RSA
certificates.
Let’s Encrypt
ECC 384 (E1)
RSA 4096 (R3)
nginx.conf:
ssl_stapling on;
resolver 8.8.8.8 1.1.1.1 valid=300s;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
ssl_ecdh_curve secp384r1;
ssl_early_data on;