Welcome to Centmin Mod Community
Become a Member

SSL ECC 256 bit vs RSA 2048 bit SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 14, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    53,530
    12,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,677
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Edit: split off posts to new thread

    had to modify my curl command as sslspdy.com used ECDHE_ECDSA so needed to pass the appropriate cipher too :)

    Code:
    curl -1IsS https://sslspdy.com
    curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
    Code:
    curl -1IsS --ciphers ecdhe_ecdsa_aes_128_sha https://sslspdy.com
    HTTP/1.1 200 OK
    Server: nginx centminmod
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Strict-Transport-Security: max-age=31536000
    Date: Tue, 10 Feb 1970 22:32:54 GMT
    X-Page-Speed: 1.8.31.4-4009
    Cache-Control: max-age=0, no-cache
    verbose check with curl 7.37

    Code:
    curl -16IsS https://sslspdy.com -v
    * Rebuilt URL to: https://sslspdy.com/
    * Hostname was NOT found in DNS cache
    *   Trying 2604:180:1::fd2c:e402...
    * Connected to sslspdy.com (2604:180:1::fd2c:e402) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
    * Server certificate:
    *        subject: OU=Domain Control Validated; OU=Free SSL; CN=sslspdy.com
    *        start date: 2014-08-02 00:00:00 GMT
    *        expire date: 2014-10-31 23:59:59 GMT
    *        subjectAltName: sslspdy.com matched
    *        issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA
    *        SSL certificate verify ok.
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.37.1
    > Host: sslspdy.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    * Server nginx centminmod is not blacklisted
    < Server: nginx centminmod
    Server: nginx centminmod
    < Content-Type: text/html; charset=utf-8
    Content-Type: text/html; charset=utf-8
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Strict-Transport-Security: max-age=31536000
    Strict-Transport-Security: max-age=31536000
    < Date: Wed, 11 Feb 1970 02:43:30 GMT
    Date: Wed, 11 Feb 1970 02:43:30 GMT
    < X-Page-Speed: 1.8.31.4-4009
    X-Page-Speed: 1.8.31.4-4009
    < Cache-Control: max-age=0, no-cache
    Cache-Control: max-age=0, no-cache
    
    <
    * Connection #0 to host sslspdy.com left intact
    sealion_sslspdycom2.png

     
    Last edited: Aug 15, 2014
  2. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    6:50 PM
    @eva2000, enable ECDHE_RSA. I think is faster than ECDHE_ECDSA. I have it enabled on my server.
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,530
    12,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,677
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you sure A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography | CloudFlare Blog

     
  4. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    6:50 PM
    @eva2000, thanks for the info, I did not know this. :)
    How do you force ECDHE_ECDSA instead of ECDHE_RSA? I really don't want to disable it.
     
  5. Floren

    Floren Active Member

    148
    77
    28
    Jun 6, 2014
    Ratings:
    +77
    Local Time:
    6:50 PM
    @eva2000, this is the list of ciphers I have now enabled:
    Code:
    # openssl ciphers -v 'ciphers go here'
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
    ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
    ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
    ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
    ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
    ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
    ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
    ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
    DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
    DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
    ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
    ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
    ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
    ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
    ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
    ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
    ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
    ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
    DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
    DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
    ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
    ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
    ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
    ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
    AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
    AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
    AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
    AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
    DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
    How do I force ECDHE-ECDSA-AES128-GCM-SHA256 first?

    BTW, your site goes through RSA also in Chrome:

    cert.png
     
    Last edited: Aug 15, 2014
  6. eva2000

    eva2000 Administrator Staff Member

    53,530
    12,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,677
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @Floren, I split off these posts from the other thread and moved to Email, Domains and SSL forums :)

    For background info see Nginx - Centmin Mod Nginx VHOST SPDY SSL Generator testing | Centmin Mod Community

    I chose to continue using RSA 2048 bit and thus ECDHE_RSA for key exchange mechanism for centminmod.com wildcard SSL Certificate for better compatibility as it's clear some tools like curl would have issues still and I have no control of 3rd party monitoring and whether it supports ECDSA yet. I plan to use dual SSL wildcard certificates though, so with centminmod.com I am going to get a 2nd wildcard SSL Certificate but with ECC 256 bit SSL and ECDHE_ECDSA key exchange so I can test either RSA 2048 bit or ECC 256 bit on particular subdomains of *.centminmod.com

    Basically ECDSA isn't your cipher preference but rather your key exchange mechanism preference you choose at the time you generate your private key and CSR Code. Traditionally, folks have been generating private key and CSR Code via RSA 1024 bit and now RSA 2048 bit - so with your cipher preferences you'd see ECDHE_RSA as the key exchange mechanism. You can only change to using ECC 256 bit SSL if your SSL provider's SSL certificates support ECC and if at time of generating private key and CSR Code, you use ECC 256 bit to generate your private key and CSR Code. Then if your SSL provider supports ECC certificates (see CA Security Council | Benefits of Elliptic Curve Cryptography) they will take your ECC 256 bit generated CSR Code and generate a ECC 256 bit SSL certificate as opposed to a RSA 2048 bit SSL certificate.

    So essentially, if you want to switch from RSA 2048 bit SSL certificate and key exchange mechanism, you would need a brand new SSL certificate which is a ECC 256 bit SSL certificate from a supported provider such as Comodo or Symantec and provide them with a CSR Code which is generated (along with private key) using ECC 256 bit rather than RSA 2048 bit.

    For ECC 256 bit SSL certificate from Comodo, they will provide a ECC 256 bit SSL certificate along with their intermediate and roots which are labelled as ECC on some

    See example of sslspdy.com which is using ECC 256 bit SSL and ECDHE_ECDSA created with ECC 256 bit key algorithm and sha256 signature algorithm
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODOECCAddTrustCA.crt
    • Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt
    • Your SSL Certificate - sslspdy_com.crt
    Now see community.centminmod.com which is using RSA 2048 bit SSL and ECDHE_RSA created with RSA 2048 bit key algorithm and sha256 signature algorithm
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Your GGSSL Wildcard SSL - STAR_centminmod_com.crt
     
    Last edited: Aug 15, 2014
  7. eva2000

    eva2000 Administrator Staff Member

    53,530
    12,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,677
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    More ECC/ECDSA info CA Security Council | New Directions for Elliptic Curve Cryptography in Internet Protocols

     
  8. eva2000

    eva2000 Administrator Staff Member

    53,530
    12,134
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,677
    Local Time:
    8:50 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    interesting benchmarks and article info on ECDSA and RSA based TLS connections RSA and ECDSA performance | securitypitfalls