Darkspirit closed 8 years ago
Closing as duplicate of #1592/won't fix for now. Browser support hasn't changed, Chrome dropped support and NSS is considering dropping it. Browser-based SSL/TLS is our main focus so the extra complexity just isn't worth it yet.
It should also be noted that a number of dependencies that we rely on, such as SoftHSM, don't support secp521r1 which would prevent us from doing any local testing for that curve.
I would love to use the same security level as symmetric 265 bit (Level: 8 https://www.keylength.com/en/3/) with asymmetric crypto for mail delivery. Nearly everyone uses OpenSSL. Old Windows servers can still connect via RSA. I don't want to be forced to use self-signed certs any longer. https://ssl-tools.net/mailservers/terrax.net Because acme.sh supports "ec-521", it would be enough to enable it on the server side (and not in the LE client for normal users).