是的,我醒了。

用了几年 Let’s Encrypt 的 RSA-2048 泛域名证书,最近试着在家里的路由器上用 acme.sh 签证书的时候(当然,神奇的移不动网络不会给我机会),才发现 README.md 里有

10. Issue ECC certificates

Let's Encrypt can now issue ECDSA certificates.

And we support them too!

Just set the keylength parameter with a prefix ec-.

For example:

Single domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256

SAN multi domain ECC certificate

acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256

Please look at the keylength parameter above.

Valid values are:

  1. ec-256 (prime256v1, "ECDSA P-256")
  2. ec-384 (secp384r1, "ECDSA P-384")
  3. ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)

这么一段。在 官方WIP文档 里也有

ECDSA Signing Support

  • Enabled: February 10, 2016

Added the ability for Let’s Encrypt to sign ECDSA keys with Let’s Encrypt’s RSA intermediates. Support for signing ECDSA keys with a full ECDSA cert chain will be added later.

说明早就可以签 ECDSA 证书了,而里面写着的

ECDSA Root and Intermediates

Currently Let’s Encrypt only signs end-entity certificates with RSA intermediates. We now have an ECDSA root and intermediates, but still need to submit them to root programs and integrate them into our issuance system.

只是根证书一直在咕而已。

Security/Server Side TLS - MozillaWiki 里写着

We recommend ECDSA certificates using P-256, as P-384 provides negligible improvements to security and Ed25519 is not yet widely supported

Is there any benefit in including the P-384 curve in the Modern suite? · Issue #190 · mozilla/server-side-tls · GitHub

Its same reason most browsers prefer cipher suites with AES-128 first and then try AES-256. Performance/battery usage, balanced approach

所以我选择签发 P-256 --keylength ec-256

我一直在用 LNMP 一键安装包,它也自带安装 acme.sh。由于我已经有 RSA-2048 的泛域名证书在用,不知道再签 ECDSA 泛域名会发生什么,于是我首先使用了测试服务器签发

Usage: acme.sh ... [parameters ...]
Commands:
--staging, --test Use staging server, for testing.

结果发现 acme.sh 生成了新的 _ecc 目录存储 ECDSA 证书,与 RSA 证书目录在相同的目录下,就很方便。于是我又删除了测试生成的证书,重新正式签署证书,就同时拥有了可用的 RSA 和 ECDSA 泛域名证书。

我全都要.jpg

一番搜索后发现,我们可以同时在 ssl 配置中放入两种证书

ssl_certificate rsa.cer;
ssl_certificate_key rsa.key;
ssl_certificate ecc.cer;
ssl_certificate_key ecc.key;

nginx 会根据 ClientHello 自动选择,就很方便。

ssl 配置依旧使用 Mozilla SSL Configuration Generator

反正写的是废文,就不整 TOC(table of content)了

标签: none

知识共享许可协议 本作品采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议 进行许可。

添加新评论