This repository was archived by the owner on Aug 26, 2021. It is now read-only.
This repository was archived by the owner on Aug 26, 2021. It is now read-only.
Support ECC Certificates #144
Open
Description
This is a feature request. Let's Encrypt supports signing of ECC CSRs. For example with the following process:
$ openssl genpkey -algorithm EC -out key.pem -pkeyopt ec_paramgen_curve:secp384r1
$ openssl req -new -sha256 -key key.pem -out explicit-csr.pem
$ sudo letsencrypt certonly --agree-tos --email '[email protected]' \
--csr explicit-csr.pem \
--cert-path cert.pem \
--fullchain-path fullchain.pem \
--webroot \
-w /var/www/ \
-d www.domain.com -d domain.comI think the lower overhead of NIST 384-bit curves and it's equivalent RSA strength of 7,680 bits benefits performance and future-proofs the underlying crypto until something better is found...
Metadata
Metadata
Assignees
Labels
No labels