This isnt an nginx question. Ask chromium developers why they chose that approach.
Sent from my Galaxy -------- Original message -------- From: wordlesswind via nginx <nginx@nginx.org> Date: 5/21/22 14:56 (GMT-05:00) To: nginx@nginx.org Cc: wordlesswind <i...@qingly.me> Subject: Why do newer versions of Chromium favor RSA certificates over ECC certificates? Hello, I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSA certificates over ECC certificates. Windows x86-64: https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/ https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/ I don't get the idea from the changes in the source code. I'm curious to know why, since obviously ECC certificates are smaller than RSA certificates. Let’s Encrypt ECC 384 (E1) RSA 4096 (R3) nginx.conf: ssl_stapling on; resolver 8.8.8.8 1.1.1.1 valid=300s; ssl_stapling_verify on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256; ssl_ecdh_curve secp384r1; ssl_early_data on; _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
_______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
