Reach out to ACME client implementations to recommend ECDSA - Githubissues

mozilla / server-side-tls

Server side TLS Tools

https://ssl-config.mozilla.org

Mozilla Public License 2.0

1.12k stars 142 forks source link

Reach out to ACME client implementations to recommend ECDSA #254

Open april opened 5 years ago

april commented 5 years ago

I'm not sure how much time I'll have to do this, but I wanted to create an ongoing thread to encourage independent ACME implementations to switch to ECDSA as part of the upcoming Server Side TLS 5.0 updates:

https://github.com/mozilla/server-side-tls/issues/178 https://letsencrypt.org/docs/client-options/

ACME v2

Certbot: https://github.com/certbot/certbot/issues/6492 acme.sh: https://github.com/Neilpang/acme.sh/issues/2350 dehydrated: https://github.com/lukas2511/dehydrated/issues/651 GetSSL: https://github.com/srvrco/getssl/issues/417 cPanel: Emailed @bennyvasquez

Go

Caddy: ~~https://github.com/mholt/caddy/issues/2650~~ (ecdsa256 by default) Lego: Already uses ecdsa384 by default

Java

Acme4j: ~~https://github.com/shred/acme4j/issues/78~~ (documentation updated)

ghen2 commented 1 year ago

Certbot 2.0 and (soon) acme.sh have made the switch.