ECDSA certificate not NIST/HIPAA compliant, because SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256)

Ilya_indigo · September 8, 2019, 11:03am

ECDSA certificate not NIST/HIPAA compliant, SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256).
https://www.immuniweb.com/ssl/?id=cRcQCUmb

Why you sha256WithRSAEncryption instead ecdsa-with-SHA256?

tdelmas · September 8, 2019, 11:09am

Let’s Encrypt only provide leaf ECDSA certificates, signed by RSA intermediates. (or leaf RSA certificates, signed by RSA intermediates)

It will provide in the future, ECDSA certificates, signed by ECDSA intermediates: https://letsencrypt.org/upcoming-features/

Ilya_indigo · September 8, 2019, 11:15am

Thank you for the quick response!
I will wait for this support!

Tell me, please, do you support the signature of ECDSA certificates created using the X25519 curve?

Osiris · September 8, 2019, 3:48pm

No, Let's Encrypt doesn't support EdDSA. Mostly, I think, because it isn't allowed by the CA/B Forum.

system · October 8, 2019, 3:48pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Signature Algorithm with SHA256ECDSA Feature Requests	13	9909	April 9, 2017
TLS 1.2 and TLS 1.3 need Curve25519 and Curve448 SSL certificates Issuance Policy	14	5688	July 27, 2023
Elliptic Curve Cryptography (ECC) Support Feature Requests	200	61361	June 19, 2016
"EC XXX bits (SHAXXXwithRSA)" versus "EC XXX bits (SHAXXXwithECDSA)"? What's the difference? Does it matter? Issuance Tech	25	4763	September 4, 2022
Support Ed25519 and Ed448 Feature Requests	11	9562	December 29, 2020

ECDSA certificate not NIST/HIPAA compliant, because SERVER CERTIFICATES ARE SIGNED WITH A WRONG ALGORITHM (sha256WithRSAEncryption instead ecdsa-with-SHA256)

Related topics