ECDSA HTTPS certificates are faster and more secure. Here's where you (still) can't use them.

Where to go - and where not to - when you want something better than RSA

By Mike on 17th May 2017

Most sites on the internet right now use 2048 bit RSA. However, that's where RSA tends to end: when sites move to stronger certificates they generally pick ECC (i.e. ECDSA) over 2048 bit RSA. Few CAs provide 4096 bit RSA chains, and a 4096 bit RSA key signed by a 2048 bit RSA intermediate doesn't make a lot of sense, since a chain is only as strong as the weakest key that signs it.

That's because ECC is faster than older style RSA keys. On mobile devices the reduced CPU usage when making new HTTPS connections with ECC keys also means better battery life than their RSA equivalents. Modern CDNs like CloudFlare use ECC by default.

With CertSimple, we'll create a small, custom bash/powershell script that instantly makes an ECC keypair using the P-256 curve.
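The kind of script described above, as an added example that is not CertSimple's own script: it uses the openssl CLI (assumed to be on PATH, version 1.1 or 3.x) to generate a P-256 private key and a SHA-256 CSR, then reads the curve back out of the key and the key algorithm out of the CSR so you can confirm what you are about to submit. The `served_key_algorithm` helper runs the same inspection against a live endpoint, which is the check to make against a terminator before relying on it to serve an ECDSA certificate. The output directory, the hostname example.com and the function names are my assumptions, not the page's.

```shell
#!/usr/bin/env sh
# Added example, not CertSimple's script: make a P-256 (secp256r1) ECDSA keypair and CSR,
# then inspect what was produced. Assumes the openssl CLI is installed and on PATH.
set -eu

# make_ec_key DIR HOSTNAME
# Writes DIR/key.pem (P-256 private key, mode 0600) and DIR/csr.pem (CSR signed with SHA-256).
make_ec_key() {
    dir=$1
    host=$2
    mkdir -p "$dir"
    # prime256v1 is openssl's name for secp256r1 / NIST P-256. ecparam emits the named-curve
    # encoding, which is what CAs and TLS stacks expect (explicit parameters are widely rejected).
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/key.pem" 2>/dev/null
    chmod 600 "$dir/key.pem"
    # The CSR carries the public key and the subject; the CA signs it with its own key.
    openssl req -new -sha256 -key "$dir/key.pem" -subj "/CN=$host" -out "$dir/csr.pem" 2>/dev/null
}

# key_curve KEYFILE
# Prints the named curve of an EC private key (e.g. "prime256v1"), or "not-ec" if the file
# is not an EC key (an RSA key, for instance), so a mix-up is caught before upload.
key_curve() {
    openssl ec -in "$1" -noout -text 2>/dev/null \
        | awk -F': ' '/ASN1 OID/ {print $2; found=1} END {if (!found) print "not-ec"}'
}

# csr_key_algorithm CSRFILE
# Prints the public key algorithm recorded in a CSR ("id-ecPublicKey" for ECDSA, "rsaEncryption" for RSA).
csr_key_algorithm() {
    openssl req -in "$1" -noout -text 2>/dev/null \
        | awk -F': ' '/Public Key Algorithm/ {print $2; exit}'
}

# served_key_algorithm HOST [PORT]
# Fetches the leaf certificate a live endpoint presents and prints its key algorithm.
# Use this after deploying to a load balancer or CDN to confirm the ECDSA cert is what clients get.
# Needs network access, so it is not exercised by the demo below.
served_key_algorithm() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -text 2>/dev/null \
        | awk -F': ' '/Public Key Algorithm/ {print $2; exit}'
}

# Demo run: generate into a temporary directory using a constructed hostname and report the result.
demo_dir=$(mktemp -d)
make_ec_key "$demo_dir" example.com
echo "key curve:         $(key_curve "$demo_dir/key.pem")"          # prime256v1
echo "csr key algorithm: $(csr_key_algorithm "$demo_dir/csr.pem")"  # id-ecPublicKey
rm -rf "$demo_dir"
```

Submit `csr.pem` to the CA and keep `key.pem` on the terminator only. If `key_curve` reports anything other than the curve you asked for, or `served_key_algorithm` reports `rsaEncryption` after deployment, the platform has either rejected the ECC key or fallen back to an RSA certificate, which is exactly the situation the platforms listed below produce.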

As of May 17th 2017, here are the curves supported by the major browsers:

           secp256r1   secp384r1   secp521r1   x25519
Chrome
Edge
Firefox
Safari

You can find out what your browser supports at SSL Labs. If you see curves that start with tls_grease, these aren't real curves but a deliberate trick (GREASE) for identifying TLS servers that break when they see values they don't recognise.

Safe curves on the way

You'll notice x25519 is supported in 3 of the 4 major browsers. Curve25519 is one of the 'safe curves' - easier to implement in software and therefore less prone to buggy implementations than other curves. You can't get a Curve25519 cert signed by a CA at the moment, but there's a draft for Curve25519 use in TLS, and once that's approved the Baseline Requirements created by the CA/Browser Forum will likely add 25519 as an approved curve.

ECC is faster than equivalent-strength RSA certs, and that's also good for battery life. So, as we go into 2017, where can't you use an ECC HTTPS certificate?

CertSimple defaulted to ECC in July 2016. So after nearly a year we have a good idea about the current state of ECC in the wild.

Heroku

At the time of publishing, you'll want to use an RSA key for both 'Heroku SSL' and 'SSL Endpoint' services:

Heroku DevCenter mentions:

Heroku only supports RSA keys for certs. Elliptic curve (ECC) keys are not supported.

We reached out to Heroku and they confirmed they're working on fixing this.

Amazon CloudFront and Amazon Certificate Manager

The Amazon CloudFront Developer Guide mentions:

CloudFront supports only RSA public/private key pairs.

Likewise AWS Certificate Manager FAQ:

Q: Does ACM support elliptic curve (ECDSA) certificates?

Not at this time.

Amazon staff have also privately confirmed ECC support is being worked on.

Out of date F5 load balancers

This is actually fixed: F5's BIG-IP devices got ECC support in BIG-IP 11.4.0, released around July 2015.

However, F5s are frequently used by enterprises that, through a fundamental misunderstanding of risk - that there is risk of change but no risk of stasis - don't upgrade their software frequently. If you're intending to terminate on an F5 appliance, make sure it's up to date before using an ECC cert.

And finally

If you know other HTTPS terminators that still don't yet work with ECC let us know and we'll update this document.

Mike MacCana, founder at CertSimple.

CertSimple makes EV HTTPS fast and painless.

An EV HTTPS certificate verifies the company behind your website. But getting verified is a slow painful process. CertSimple provides EV HTTPS certificates 40x faster than other vendors. We check your company registration, network details, physical address and flag common errors before you pay us, provide verification steps specific for your company, update in realtime during the process, and even check your infrastructure to help you set up HTTPS securely.
Verify your site now!