Topic: ECDSA question

[mrdj1024]

hello!
so i came across this "ECDSA does not encrypt or prevent someone from seeing or accessing your data, what it protects against though is making sure that the data was not tampered with"
so does this mean if we use ssl for a webserver our only option is RSA? because i always liked ecdsa because of the shorter keysizes and faster ssl handshakes,but if its not encrypting the data from packet sniffers its basically useless,so should we switch to rsa 3072 bit to get the equivalent of a p-256 key?

[James Blond]

ECDSA is secure with the correct options. I wrote an article on which ciphers to choose from and why[1] and there is an example configuration how to get an A+ at SSL test labs.[2]

Your p-256 key is too weak. You need at least 384 plus a 521 one.


[1] https://mariobrandt.de/archives/apache/choosing-the-right-cipher-alias-crypto-wars-part-twelve-1475/
[2] https://github.com/JBlond/debian_build_apache24/blob/master/ssl.conf

[mrdj1024]

thankyou very much for the detailed info! i made a new 384 key and added your conf options and got an a+ on ssllabs
does this look right?

[James Blond]

Your configuration looks good.

[mrdj1024]

according to mozilla these suites are also secure

[James Blond]

DHE-RSA-AES256-GCM-SHA384, DHE-RSA-CHACHA20-POLY1305, and DHE-RSA-AES128-GCM-SHA256 have no EC (elliptic curves) and are no longer considered secure.

ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 are still on "the good list"[1] of SSL test labs but have only 128 bits.

[1] https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

[mrdj1024]

thankyou,so i updated my ssl conf to

[DnvrSysEngr]

Looks same as mine, except i have CHACHA listed in 2nd place

SSLCipherSuite SSL --- ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256

SSLCipherSuite TLSv1.3 --- TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

[mrdj1024]

thanks for the reply!
i'd appreciate it if someone could make me a list in the correct order so i can use both 384 ecdsa and 3072 bit rsa certs on the same server.
i dont need an a+ rating by any means but it would be nice to be able to use both types of encryption with both security and speed in mind.

[DnvrSysEngr]

I have mine sorted on what I discovered to be the most secure/robust based on the research I had done. Not sure I can provide any more information than that.