Support for ECDSA certificates

[wwuck]

This is a feature request to support generating ECDSA certificates with Let's Encrypt. Support for EC certificates was enabled on Let's Encrypt servers back in February.

[vrbyjimmy]

Hi,

I've created a simple ACME client based on AcmeSharp and BouncyCastle to issue an ECDSA certificates from LE. You are welcome to use it or take a look at how can the CSR request be made to obtain an ECDSA certificate from LE.

https://github.com/vrbyjimmy/EcdsaAcmeNet

[ebekker]

Thanks -- I'll check it out and look into incorporating ECDSA support directly into ACMESharp.

[MaddestScience]

@ebekker Did you get any progress in adding support for ECDSA? I'm highly interested in this feature, yet, i have no knowledge in programming it myself ;)

[jwdavidson]

Qualys SSL Labs will be deprecating RSA based crypto algorithms starting March 2018. ECDSA certificates should at least be available by then, if they are not the default.

[rhymeswithmogul]

@jwdavidson Where did you see that? I'm all for ECDSA certificates, but I'm using the SSL Labs development version and I can still get an A+ rating with only an RSA certificate.

[GitGuruGangsta]

@jwdavidson: Thought the same first, but thats not true. Qualys SSL will just test for AEAD ciphers being available on your server. Look at the List in RFC5288 https://tools.ietf.org/html/rfc5288. It's not about RSA or ECDSA certificates, but rather AES128/256_GCM_SHA256/384 in your server's cipher suites. And also non-AEAD ciphers won't be "deprecated" in my opinion. But you are right in the way that TLS_ECDHEECDSA.... cipher suites will only work with ECDSA certificates (as far as i understand). Since you are on a windows machine obviously you have a little bit of a bad luck. Not every client (especially old ones) will be able to use ECDSA ciphers and you are not able on IIS to provide dual certificates (for ECDSA and a fallback to RSA). But you can do that with other webservers like nginx or apache.

I have a WindowsServer 2012 R2 here and RSA_GCM is just not available, so i will run in that Qualys SSL problem if I don't switch to ECDSA_GCM (what is surprisingly available).

But yes, I also would like to have the ability to create ECDSA certificates with ACMESharp!!!

[jwdavidson]

@izydorkowalsky Qualys SSL updated their report since I raised the issue. It looks like they realized that they would exclude all RSA ciphers if they continued with the AEAD requirement. Currently I am using EcdsaAcmeNet to get ECDSA certificates, but have not had time to cormfirm certificate rolloever works as well as AcmeSharp based scripts

[GitGuruGangsta]

@jwdavidson You are wrong again. Here the AEAD part from RFC5288.

AES-GCM Cipher Suites

The following cipher suites use the new authenticated encryption modes defined in TLS 1.2 with AES in Galois Counter Mode (GCM) [GCM]:

  CipherSuite TLS_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9C}
  CipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9D}
  CipherSuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0x9E}
  CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9F}
  CipherSuite TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = {0x00,0xA0}
  CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0xA1}
  CipherSuite TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA2}
  CipherSuite TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA3}
  CipherSuite TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = {0x00,0xA4}
  CipherSuite TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = {0x00,0xA5}
  CipherSuite TLS_DH_anon_WITH_AES_128_GCM_SHA256 = {0x00,0xA6}
  CipherSuite TLS_DH_anon_WITH_AES_256_GCM_SHA384 = {0x00,0xA7}

These cipher suites use the AES-GCM authenticated encryption with associated data (AEAD) algorithms AEAD_AES_128_GCM and AEAD_AES_256_GCM described in [RFC5116].