ECDSA testing on staging

You might try to add -sha256 to your openssl req ... command. Although I just made a CSR without that switch and it was signed with ecdsa-with-SHA256 also… Perhaps your OpenSSL has different defaults… You could always check the signature algorithm with openssl req -noout -text -inform der <signreq.der

But why doesn’t it do 521?

maybe http://security.stackexchange.com/questions/100991/why-is-secp521r1-no-longer-supported-in-chrome-others ?

Thanks, that worked! With -sha256 the certificate has been generated successfully.
(I should have checked the command I used for generating an RSA CSR to notice it had -sha256 while the one for ECDSA didn’t have it )

too bad. EC iirc needs double the bits of a symmetric key to provide the same security and I would love to provide seamless 256-bit strong stuff, that’s why my personal RSA key is 16k.

Equal if P521 or not i am now waiting when the new EC-Type will go to production.
Because since i having HSTS activated i can check it via ssllabs but not with web browsers.
So it is nice that i new keytype work with my client implementation but without trusted in the browsers
it does not help. It is no more than using an self singed certificate.

@jsha Why is it “intended” for P-521 not to work?

To make it short they do not like it.

Staging is updated with the latest configs and is issuing with the correct keyUsages.

Yes indeed, confirmed for ECDSA public key:

    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature
        X509v3 Extended Key Usage: 

But with a RSA public key:

    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment
        X509v3 Extended Key Usage: 

And confirmed proper behaviour in Chrome

Yay On to the release branch! (And must-staple is almost ready too! )

why is key encipherment just for RSA but not ECDSA?
(edit when my fingers are faster than my brain)

[quote=“My1, post:59, topic:8809”]
for RSA but not RSA?
[/quote] You meant ECDSA, presumably.

keyEncipherment means something that is only possible with RSA certificates, it doesn’t exist for ECDSA or DSA certificates. (And incidentally, said RSA key exchange is non-PFS anyway and for that reason (EC)DHE is preferred, just using the RSA key for signing the exchange.)

Nice! I also just used an P-256 ECDSA CSR with the Staging Server and got a certificate containing only the Digital Signature (0x80) flag for Key Usage.

Can’t wait until this goes into production, so I can finally use AES_GCM (AEAD) instead of obsolete AES_CBC ciphers for Windows Server 2012R2 with IIS and for the Win7/8 clients using IE connecting to it (because SChannel on Windows before Win10/Server2016 supports TLS_ECDHE_ECDSA_WITH_AES_GCM, but not TLS_ECDHE_RSA_WITH_AES_GCM…)

How do I properly generate an ec csr for LE? Please excuse the newb question.

I though I had it using the prime256v1 curve but when I try to generate a cert against staging I receive an invalid signature algorithm error.

Did you use the SHA256 hash? Some OpenSSL configs default to SHA1.

That was it. thank you.

This is still staging only correct or can I do this on production? If not, what’s the eta? I’m just curious. I’m in no rush whatsoever.

Hello @Fsantiago1979,

Since 10 Feb is in production too:

Cheers,
sahsanu

Still no secp521r1 support. I’m still waiting on this so I don’t have to self-sign my certificates anymore

me too.
I mean p521 is the equivalent of essentially 256bit symmetric and essetially 15k+ RSA, giving it a lot more strength against Moore’s law than p256 or p384