SSL ECC 256 bit vs RSA 2048 bit SSL

eva2000 · Aug 14, 2014

Edit: split off posts to new thread

had to modify my curl command as sslspdy.com used ECDHE_ECDSA so needed to pass the appropriate cipher too

Code:

curl -1IsS https://sslspdy.com
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

Code:

curl -1IsS --ciphers ecdhe_ecdsa_aes_128_sha https://sslspdy.com
HTTP/1.1 200 OK
Server: nginx centminmod
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Date: Tue, 10 Feb 1970 22:32:54 GMT
X-Page-Speed: 1.8.31.4-4009
Cache-Control: max-age=0, no-cache

verbose check with curl 7.37

Code:

curl -16IsS https://sslspdy.com -v
* Rebuilt URL to: https://sslspdy.com/
* Hostname was NOT found in DNS cache
*   Trying 2604:180:1::fd2c:e402...
* Connected to sslspdy.com (2604:180:1::fd2c:e402) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
*        subject: OU=Domain Control Validated; OU=Free SSL; CN=sslspdy.com
*        start date: 2014-08-02 00:00:00 GMT
*        expire date: 2014-10-31 23:59:59 GMT
*        subjectAltName: sslspdy.com matched
*        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA
*        SSL certificate verify ok.
> HEAD / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: sslspdy.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server nginx centminmod is not blacklisted
< Server: nginx centminmod
Server: nginx centminmod
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Connection: keep-alive
Connection: keep-alive
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=31536000
< Date: Wed, 11 Feb 1970 02:43:30 GMT
Date: Wed, 11 Feb 1970 02:43:30 GMT
< X-Page-Speed: 1.8.31.4-4009
X-Page-Speed: 1.8.31.4-4009
< Cache-Control: max-age=0, no-cache
Cache-Control: max-age=0, no-cache

<
* Connection #0 to host sslspdy.com left intact

Floren · Aug 14, 2014

@eva2000, enable ECDHE_RSA. I think is faster than ECDHE_ECDSA. I have it enabled on my server.

eva2000 · Aug 14, 2014

Floren said: ↑

@eva2000, enable ECDHE_RSA. I think is faster than ECDHE_ECDSA. I have it enabled on my server.
Click to expand...

you sure A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography | CloudFlare Blog
RSA 2048 bit vs ECC 256 bit Benchmarks

Example tested on 512MB KVM RamNode VPS with 2 cpu cores with Centmin Mod Nginx web stack installed. ECC 256 bit (ECDSA) sign per seconds 6,453 sign/s vs RSA 2048 bit (RSA) 610 sign/s = ECC 256 bit is 10.5x times faster than RSA.
Code:
rsa 2048 bits 0.001638s 0.000050s    610.4  19826.5
256 bit ecdsa (nistp256)  0.0002s  0.0006s  6453.3  1805.5
Full results
Code:
openssl speed rsa

                  sign    verify    sign/s verify/s
rsa  512 bits 0.000071s 0.000006s  14035.5 169609.7
rsa 1024 bits 0.000278s 0.000016s   3595.2  63880.8
rsa 2048 bits 0.001638s 0.000050s    610.4  19826.5
rsa 4096 bits 0.011912s 0.000191s     84.0   5247.4
Code:
openssl speed ecdsa

                              sign    verify    sign/s verify/s
256 bit ecdsa (nistp256)   0.0002s   0.0006s   6453.3   1805.5
384 bit ecdsa (nistp384)   0.0003s   0.0012s   3596.1    840.6
521 bit ecdsa (nistp521)   0.0005s   0.0027s   1851.1    371.6
Click to expand...

Floren · Aug 15, 2014

@eva2000, thanks for the info, I did not know this.
How do you force ECDHE_ECDSA instead of ECDHE_RSA? I really don't want to disable it.

Floren · Aug 15, 2014

@eva2000, this is the list of ciphers I have now enabled:

Code:

# openssl ciphers -v 'ciphers go here'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

How do I force ECDHE-ECDSA-AES128-GCM-SHA256 first?

BTW, your site goes through RSA also in Chrome:

eva2000 · Aug 15, 2014

@Floren, I split off these posts from the other thread and moved to Email, Domains and SSL forums

For background info see Nginx - Centmin Mod Nginx VHOST SPDY SSL Generator testing | Centmin Mod Community

I chose to continue using RSA 2048 bit and thus ECDHE_RSA for key exchange mechanism for centminmod.com wildcard SSL Certificate for better compatibility as it's clear some tools like curl would have issues still and I have no control of 3rd party monitoring and whether it supports ECDSA yet. I plan to use dual SSL wildcard certificates though, so with centminmod.com I am going to get a 2nd wildcard SSL Certificate but with ECC 256 bit SSL and ECDHE_ECDSA key exchange so I can test either RSA 2048 bit or ECC 256 bit on particular subdomains of *.centminmod.com

Basically ECDSA isn't your cipher preference but rather your key exchange mechanism preference you choose at the time you generate your private key and CSR Code. Traditionally, folks have been generating private key and CSR Code via RSA 1024 bit and now RSA 2048 bit - so with your cipher preferences you'd see ECDHE_RSA as the key exchange mechanism. You can only change to using ECC 256 bit SSL if your SSL provider's SSL certificates support ECC and if at time of generating private key and CSR Code, you use ECC 256 bit to generate your private key and CSR Code. Then if your SSL provider supports ECC certificates (see CA Security Council | Benefits of Elliptic Curve Cryptography) they will take your ECC 256 bit generated CSR Code and generate a ECC 256 bit SSL certificate as opposed to a RSA 2048 bit SSL certificate.

So essentially, if you want to switch from RSA 2048 bit SSL certificate and key exchange mechanism, you would need a brand new SSL certificate which is a ECC 256 bit SSL certificate from a supported provider such as Comodo or Symantec and provide them with a CSR Code which is generated (along with private key) using ECC 256 bit rather than RSA 2048 bit.

For ECC 256 bit SSL certificate from Comodo, they will provide a ECC 256 bit SSL certificate along with their intermediate and roots which are labelled as ECC on some

See example of sslspdy.com which is using ECC 256 bit SSL and ECDHE_ECDSA created with ECC 256 bit key algorithm and sha256 signature algorithm

Root CA Certificate - AddTrustExternalCARoot.crt

Intermediate CA Certificate - COMODOECCAddTrustCA.crt

Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt

Your SSL Certificate - sslspdy_com.crt

Now see community.centminmod.com which is using RSA 2048 bit SSL and ECDHE_RSA created with RSA 2048 bit key algorithm and sha256 signature algorithm

Root CA Certificate - AddTrustExternalCARoot.crt

Intermediate CA Certificate - COMODORSAAddTrustCA.crt

Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt

Your GGSSL Wildcard SSL - STAR_centminmod_com.crt

eva2000 · Nov 30, 2015

More ECC/ECDSA info CA Security Council | New Directions for Elliptic Curve Cryptography in Internet Protocols

I spoke about support for Elliptic Curve Digital Signature Algorithm (ECDSA) in the Web today, and noted that six CAs that account for 67% of all SSL certs (RSA and ECDSA) offer ECDSA certs. I reported that Netcraft and another independent group saw that of all public-facing SSL certificates, 2% used ECDSA. And a large chunk of that number is attributed to CloudFlare’s Universal SSL initiative in which they proactively rolled out ECDSA certificates to their CDN customers.

Then I gave my opinion on why support for ECDSA had lagged: suspicion of the NIST curves, lack of support in Windows XP, partial support in IIS, lack of awareness of Elliptic Curve Cryptography (ECC), aversion to risk because RSA isn’t broken, and concern over Intellectual Property (patents).

In the session on ECC in Industry, panelists agreed that in choosing new curves, performance was not as important as trust and security. They didn’t mean that performance didn’t matter, but that in general ECC outperforms RSA for equivalent security strengths. And it was assumed that any new curves would also carry a similar advantage over RSA in performance.
Click to expand...

eva2000 · May 26, 2016

interesting benchmarks and article info on ECDSA and RSA based TLS connections RSA and ECDSA performance | securitypitfalls

RSA AND ECDSA PERFORMANCE

As servers negotiate TLS connection, few things need to happen. Among them, a master key needs to be negotiated to secure the connection and the client needs to be able to verify that the server it connected to is the one it intended to connect to. This happens by virtue of key exchange, either RSA, finite field Diffie Hellman (DH) or Elliptic Curve Diffie Hellman (ECDH). The server itself can be identified using either RSA or Elliptic Curve Digital Signature Algorithm (ECDSA) based certificates. All of them have their strong sides and weak sides, so let’s quickly go through them.
Click to expand...

RSA key exchange
This way of deriving the key securing the connection is the simplest of the mentioned. It is supported by virtually all the clients and all the servers out there. Its strong point is relative high performance at small key sizes. Unfortunately, it doesn’t provide Forward Secrecy (PFS), which means that in case of private key leak all previous communication will be possible to decrypt.

Side note: while the acronym PFS stands for “Perfect Forward Secrecy”, the term “Perfect” comes from cryptography where it has a slightly different meaning than in vernacular. To limit confusion I’ll be calling it just “Forward Secrecy”.
Click to expand...

RSA authentication
It’s the venerable and widely supported cryptosystem. Supported by virtually anything that has support for TLS or SSL. With us since the SSLv2. Unfortunately it’s starting to show its age, performance at key sizes providing 128 bit level of security is rather low and certificates are starting to get rather large (over 1KiB in size for 3072 bit RSA).
Click to expand...

ECDSA authentication
Elliptic Curve Digital Signature Algorithm, just like ECDH is a new cryptosystem. This causes it to suffer from same problem: no support for it in old clients. It does use much smaller key sizes for the same security margins and is less computationally intensive than RSA.
Click to expand...

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

SSL ECC 256 bit vs RSA 2048 bit SSL

eva2000 Administrator Staff Member

Floren Active Member

eva2000 Administrator Staff Member

Floren Active Member

Floren Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

SSL ECC 256 bit vs RSA 2048 bit SSL

eva2000 Administrator Staff Member

Floren Active Member

eva2000 Administrator Staff Member

Floren Active Member

Floren Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.