Certbot won't renew "Server Key and Certificate #1"

I appear to have multiple Let's Encrypt certs on my server but certbot only recognizes and renews some of them. The Certificate #1 will be expiring soon on Dec 17th.

You can see the situation here:
https://www.ssllabs.com/ssltest/analyze.html?d=www.daviddegner.com

If I run: certbot certificates

Found the following certs:
  Certificate Name: daviddegner.com
    Domains: daviddegner.com www.daviddegner.com
    Expiry Date: 2021-03-02 21:16:36+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/daviddegner.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/daviddegner.com/privkey.pem

If I run certbot certonly it renews a certificate, but not Cert #1


My domain is: www.daviddegner.com

I ran this command: certbot certonly

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?


1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): daviddegner.com www.daviddegner.com
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/daviddegner.com.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/daviddegner.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/daviddegner.com/privkey.pem
    Your cert will expire on 2021-03-04. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

My web server is (include version): OpenLiteSpeed Latest

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

1 Like

Certonly will only renew the cert.
If you need to use the new cert, you will need to tell the web server to do so; as it is unaware of any such change.
That usually means reloading, or restarting, the web service.

1 Like

You only showed one cert; I don't understand this statement:

Which is Cert #1 (that did not renew)?

1 Like

OK I think I see a problem:

Name:    daviddegner.com
Addresses:  2600:3c03::f03c:92ff:fecd:1da8
          45.79.184.48

Name:    c306977.tier1.quic.cloud
Address:  92.38.132.176
Aliases:  www.daviddegner.com

The root domain and the www resolve to completely different IPs.
[one of which fails completely - the IPv6 one]

So that means, there are two different servers using two different certs.
You are probably connected to the one that is renewing.
You need to update the other one also.

See:
https://www.ssllabs.com/ssltest/analyze.html?d=daviddegner.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.daviddegner.com

OR
Maybe it is just a web service restart that is missing in the equation :wink:

1 Like
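The diagnosis above (root and www names pointing at different hosts, each with its own cert) and the earlier point that a renewed cert only shows up after the web service is reloaded can both be checked from the outside. The script below is an added example, not code from the thread or from Certbot: it resolves every A/AAAA record of each name, fetches the leaf certificate from each address with SNI set to that name, and compares SHA-256 fingerprints, optionally against the leaf in the local `fullchain.pem`. The hostnames and addresses in the default run and in the comments are the ones from this thread; the fingerprints and the PEM bundle are constructed placeholders.

```python
"""Check which certificate each address behind a hostname actually serves.

Added example (not from the thread or from Certbot). Probes every resolved address
of each name over TLS and groups the endpoints by the SHA-256 fingerprint of the
leaf certificate they present. Two fingerprints for one site means two servers
(e.g. origin and CDN) each holding their own cert; a fingerprint that differs from
the local fullchain.pem means the renewed cert was never loaded by the web server.
"""
import base64
import hashlib
import socket
import ssl


def leaf_fingerprint(host, addr, port=443, timeout=5.0):
    """Return the SHA-256 fingerprint (hex) of the leaf cert served at addr for host."""
    ctx = ssl.create_default_context()
    # Verification is disabled on purpose: we want to see what is served even when the
    # chain is broken or expired, and we only compare fingerprints, not trust.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as raw:
        raw.settimeout(timeout)
        raw.connect((addr, port))
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def local_leaf_fingerprint(pem_text):
    """SHA-256 fingerprint of the first certificate in a PEM bundle (the leaf in fullchain.pem)."""
    begin, end = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
    start = pem_text.index(begin) + len(begin)
    body = pem_text[start:pem_text.index(end, start)]
    der = base64.b64decode("".join(body.split()))
    return hashlib.sha256(der).hexdigest()


def collect(names, port=443):
    """Resolve each name and probe every address; unreachable endpoints get fingerprint None."""
    observations = []
    for name in names:
        addrs = sorted({ai[4][0] for ai in socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)})
        for addr in addrs:
            try:
                fp = leaf_fingerprint(name, addr, port)
            except (OSError, ssl.SSLError):
                fp = None
            observations.append((name, addr, fp))
    return observations


def analyse(observations, expected_fp=None):
    """Group (name, addr, fingerprint) observations by certificate.

    Returns the distinct certificates seen (fingerprint -> endpoints), the endpoints
    that gave no TLS answer, the endpoints not serving expected_fp (when given), and
    a 'consistent' flag that is True only when every endpoint answered with one and
    the same certificate, which also matches expected_fp if one was supplied.
    """
    by_fp = {}
    unreachable = []
    for name, addr, fp in observations:
        if fp is None:
            unreachable.append((name, addr))
        else:
            by_fp.setdefault(fp, []).append((name, addr))
    stale = []
    if expected_fp is not None:
        for fp, endpoints in by_fp.items():
            if fp != expected_fp:
                stale.extend(endpoints)
    consistent = len(by_fp) == 1 and not unreachable and not stale
    return {"certs": by_fp, "unreachable": unreachable, "stale": stale, "consistent": consistent}


if __name__ == "__main__":
    import sys

    # Default names are the ones discussed in this thread; pass others on the command line.
    names = sys.argv[1:] or ["daviddegner.com", "www.daviddegner.com"]
    result = analyse(collect(names))
    for fp, endpoints in result["certs"].items():
        print(f"cert {fp[:16]}... served by {endpoints}")
    for name, addr in result["unreachable"]:
        print(f"no TLS answer from {addr} for {name}")
    if result["consistent"]:
        print("all endpoints serve the same certificate")
    else:
        print("endpoints disagree: renew and reload on the other server(s) too")
```

To catch the "renewed but never reloaded" case, pass `expected_fp=local_leaf_fingerprint(open('/etc/letsencrypt/live/<name>/fullchain.pem').read())` to `analyse`; any endpoint listed under `stale` is still serving the old cert.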

You pointed out my problem. I forgot that I am running my website through a CDN that has its own certificate that will renew closer to the deadline.

Thanks

2 Likes

By the way, renewing is usually done by running certbot renew without any extra commands.

2 Likes

If the CDN is using the IPv6 address, you need to get that fixed.
[or whomever is using the IPv6 address]

1 Like

I see you got a cert a few days ago.
And you have an "A" at SSL Labs - this is good. :+1:

But you can improve on it a bit easily by...
Removing the root cert from the chain:
[image]
Removing weak ciphers (unless absolutely needed - like for Safari 6/7/8 clients):

Reordering these:
[image]

Cheers from Miami :beers:

1 Like

Why?   

Because the default is sorted lowest to highest:
x25519 = 126 bit (or 255 for Curve25519)
secp256r1 = 256
secp384r1 = 384

So, I ask you Why?
Why would anyone want to do it in that order?

1 Like

You're comparing symmetric key strength (for x25519) with EC key size. Secp256r1 and secp384r1 don't have 256 and 384 (resp.) symmetric key strength! You can't compare it that way.

Also, many cipher suite lists start with AES-128 for performance reasons, so I don't see a problem with x25519 at the beginning. I would choose x25519 (or x448-goldilocks) above NIST curves any time!

NB: x25519 uses Curve25519 as the underlying curve, so they are pretty much equivalent in bits of security I'd say.

1 Like

That's a myth.
[only happens on very old hardware]

I would not choose x25519 over anything.
I agree that more should be added to the list and would set it highest to lowest - not lowest to highest.
Here is how I set my sites:

1 Like

I beg your pardon? Hardware support for AES doesn't differentiate between AES-128 and AES-256 and Mozilla's recommendation places AES-128 first. Also, when I check my Chromium with the SSLLabs Client Test, guess which AES keysize comes first? You get only one choice...

That's your choice, probably because you value security more than performance. But that doesn't mean everybody should do that, especially if someone values speed over security. My Chromium has the following list: x25519, secp256r1, secp384r1. Makes sense if you see the cipher suite list :wink:

1 Like

You make it sound like two very disparate extreme choices.
Like a genie: Choose wisely... you only get one choice!
I dare you to show the actual numbers you encounter for AES128 vs AES256.

1 Like

That result can be modified.
Again "default" results - when has that ever been a well thought out thing?

1 Like

IDC, you asked "Why would anyone want to do it in that order?", I answered with "All the great powers out there (Mozilla, Google) have sorted key strength from low to high, probably due to performance reasons." Do with it how you please.

2 Likes

One day I will be a great power too and you will have to listen to me!
Muahahaha - LOL

1 Like

OK, @Osiris here are some non-scientific results found from one single test run on one test/production system:

Some highlights:

Doing aes-128 cbc for 3s on 1024 size blocks: 477876 aes-128 cbc's in 3.00s
Doing aes-256 cbc for 3s on 1024 size blocks: 327443 aes-256 cbc's in 3.00s

Doing 253 bits sign   Ed25519's for 10s: 85833 253 bits Ed25519 signs  in 10.00s
Doing 253 bits verify Ed25519's for 10s: 26163 253 bits Ed25519 verify in 10.00s

 253 bits ecdh (X25519)     0.0001s   8017.6
 256 bits ecdh (nistp256)   0.0002s   6080.0
 384 bits ecdh (nistp384)   0.0028s    359.9
 521 bits ecdh (nistp521)   0.0063s    157.7

 253 bits EdDSA (Ed25519)   0.0001s   0.0004s   8583.3   2616.3
 456 bits EdDSA (Ed448)     0.0005s   0.0019s   1999.8    534.9

My take on these numbers:
Although there may seem to be some significant differences between the (253/256) and (384/521) numbers, when you look closely you will see that even the worst of them is far more compute power than the average web server should ever need: 157.7 per second (0.0063 second each)
[I doubt you could even blink that fast!]
So unless you have thousands of concurrent users, why opt for more speed you don't actually require?
I say: Always tighten the security as much as possible, then ease off as needed and only when needed.

And there seems to have been a lot of CPU optimization work done in the 256 space to achieve those greater results. I'm not always a fan of optimization, I fear that there may be some corners being cut there that might lead to problems down the road. Did I mention I'm a pessimist? - LOL

1 Like
