Why do newer versions of Chromium favor RSA certificates over ECC certificates?

wordlesswind via nginx Sat, 21 May 2022 11:59:03 -0700

Hello,

I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSAcertificates over ECC certificates.



Windows x86-64:

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/

I don't get the idea from the changes in the source code. I'm curious toknow why, since obviously ECC certificates are smaller than RSAcertificates.



Let’s Encrypt

ECC 384 (E1)

RSA 4096 (R3)

nginx.conf:
        ssl_stapling         on;
        resolver             8.8.8.8 1.1.1.1 valid=300s;
        ssl_stapling_verify  on;

        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  1d;

        ssl_protocols        TLSv1.2 TLSv1.3;

ssl_ciphersECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;

        ssl_ecdh_curve       secp384r1;

        ssl_early_data       on;

_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org

Why do newer versions of Chromium favor RSA certificates over ECC certificates?

Reply via email to