SSL Key Size options?

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
2,043
Location
London UK
What are these? And why is it defaulted to one of the NIST gobble-de-gook ones?

What did I miss? How come all these options? How do they work?

2020-06-15_20-41-38.jpg
 

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,091
Thanks for the report. I've made a change to limit those ECC certs to just the 3 important variants, and simplified their naming:

They're related to this change in 1.61.0:

where DA gets the list from:
Code:
openssl ecparam -list_curves
where it looks like your openssl has far more options that I've seen before :)

Pre-release binaries are now available.

John
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
2,043
Location
London UK
I only noticed this (I should actually read versions changelog) because a client mucked up their LE certificate...... I recreated it with the default key size and the browser complained about something (can't remember what).... So I chose 4096 and recreated it.

Do we need to do anything for these keys to work with browsers?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,622
Location
LT, EU
I only noticed this (I should actually read versions changelog) because a client mucked up their LE certificate...... I recreated it with the default key size and the browser complained about something (can't remember what).... So I chose 4096 and recreated it.

Do we need to do anything for these keys to work with browsers?
No, nothing special :) Was it some outdated browser/OS (like windows xp?).
 

kevinb

Verified User
Joined
Jul 27, 2006
Messages
101
Can we please get the ability to select the default. Most users just click and have no clue which is the best option.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
9,622
Location
LT, EU
Yes, ecc_certificates=1 is directadmin.conf option :) Set it to 0 if you want RSA.
 

kevinb

Verified User
Joined
Jul 27, 2006
Messages
101
I want a user to be able to have access to ECC and RSA. What I want is the ability to set the default as an example to 2048 RSA.

Yes, ecc_certificates=1 is directadmin.conf option :) Set it to 0 if you want RSA.
 
Top