Why do newer versions of Chromium favor RSA certificates over ECC certificates?
Thomas Ward
teward at thomas-ward.net
Sat May 21 19:41:43 UTC 2022
This isnt an nginx question. Ask chromium developers why they chose that approach.
Sent from my Galaxy
-------- Original message --------
From: wordlesswind via nginx <nginx at nginx.org>
Date: 5/21/22 14:56 (GMT-05:00)
To: nginx at nginx.org
Cc: wordlesswind <i at qingly.me>
Subject: Why do newer versions of Chromium favor RSA certificates over ECC certificates?
Hello,
I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSA
certificates over ECC certificates.
Windows x86-64:
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/
https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/
I don't get the idea from the changes in the source code. I'm curious to
know why, since obviously ECC certificates are smaller than RSA
certificates.
Let’s Encrypt
ECC 384 (E1)
RSA 4096 (R3)
nginx.conf:
ssl_stapling on;
resolver 8.8.8.8 1.1.1.1 valid=300s;
ssl_stapling_verify on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
ssl_ecdh_curve secp384r1;
ssl_early_data on;
_______________________________________________
nginx mailing list -- nginx at nginx.org
To unsubscribe send an email to nginx-leave at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220521/47281529/attachment.htm>
More information about the nginx
mailing list