Discover Centmin Mod today
Register Now

SSL Nginx 1.11.0 introduces dual ECDSA + RSA SSL certificate support !

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, May 25, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    speed, performance and scalability of ecdsa certs with backward compatibility of rsa certs
     
    • Informative Informative x 1
  2. buik

    buik Well-Known Member

    1,196
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    4:47 PM
    What’s the benefit of using LibreSSL anyway?
    It is old, fragmented and does not offer the latest features and functions.
    It is based on the OpenSSL 1.0.1 code which has been issued almost 6 years ago. (OpenSSL 1.0.1 [14 Mar 2012)

    Instead of disabling weak Ciphers et al. with a patch like Fedora and Red Hat does.
    They started all over again with old rubbish.
     
    Last edited: Jan 4, 2018
  3. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
  4. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    no idea for RapidSSL. only know comodo supports ECDSA as does letsencrypt

    backwards compat is just this threads outlined dual rsa + ecdsa cert setup

    for commercial certs it's just same as single commercial cert just need 2 one with generated rsa 2048 bit private key + CSR file and one with ecdsa 256bit private key + CSR file
     
    • Like Like x 2
  5. dcg

    dcg Member

    53
    18
    8
    Oct 17, 2015
    Florida, USA
    Ratings:
    +34
    Local Time:
    10:47 AM
    1.15.x
    10.2.x
    I like this idea. I have some user who are still on XP chrome/IE which only does RSA. So I'm running RSA
    Is it still in testing mode?
     
  6. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 1
    • Winner Winner x 1
  7. dcg

    dcg Member

    53
    18
    8
    Oct 17, 2015
    Florida, USA
    Ratings:
    +34
    Local Time:
    10:47 AM
    1.15.x
    10.2.x
    The dual certs version of acmetool.sh, got it!
     
  8. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    So ssl_certificate & ssl_certificate_key will have duplicate line one for RSA and one for ECC.
    What about ssl_trusted_certificate?
    I'm trying this now.
     
  9. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
  10. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yup looks good :D
     
  11. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    Do you have live site using Dual Cert?
    I want to test on UCBrowser Desktop (Windows XP SP3).
    My setup failed.
     
  12. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  13. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    For some reason that site works fine.
    Chrome and Firefox on XP works fine.
    Only this UCBrowser has issue with me.

    Can you please share your cipher list for that site? (http2.centminmod.com)
    OpenSSL version used? I guess still on OpenSSL 1.0.2?
     
  14. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    maybe UC Browser - Wikipedia
    RC4 is disabled cipher in Centmin Mod and latest OpenSSL too
     
  15. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    using OpenSSL 1.1.1-pre1 right now for TLS v1.3 testing
    Code (Text):
      ssl_ciphers  TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    

     
    • Informative Informative x 1
  16. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    I don't have a choice, many of my users still use it :(.
     
  17. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    Mine shows with P-256, and yours shows X25519, why is that?
     
  18. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  19. rdan

    rdan Well-Known Member

    4,670
    1,121
    113
    May 25, 2014
    Ratings:
    +1,663
    Local Time:
    10:47 PM
    Mainline
    10.2
    How to make it X25519 by the way?
    All sites with X25519 works fine on UCBrowser.
     
  20. eva2000

    eva2000 Administrator Staff Member

    41,689
    9,387
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,421
    Local Time:
    12:47 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah seems it's because OpenSSL 1.1 default priority is to use x25519 curve [openssl-dev] X25519 is the default curve for ECDHE in OpenSSL 1.1.0 and X25519 implementation complicates curve order preference for consuming applications · Issue #4175 · openssl/openssl · GitHub

    So updating to OpenSSL 1.1.0g or 1.1.1-pre1 and see but you will loose RC4 IIRC.

    But doesn't matter Nginx fall backs to serving with P-256 in either case as you can see in SSLLab listing of clients/browsers (with exception on my site for Firefox 53/Win)

    Your site's Server Temp Key
    Code (Text):
    echo n | openssl s_client -debug -connect phcorner.net:443 2>&1 | grep -A12 'Server Temp Key:' 
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 3361 bytes and written 415 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    

    my site
    Code (Text):
    echo n | openssl s_client -debug -connect http2.centminmod.com:443 2>&1 | grep -A12 'Server Temp Key:'                 
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 2779 bytes and written 415 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
    Server public key is 256 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256