LawsHosting
Verified User
What are these? And why is it defaulted to one of the NIST gobble-de-gook ones?
What did I miss? How come all these options? How do they work?
What did I miss? How come all these options? How do they work?
SSL Key Size options?
- Thread starter LawsHosting
- Start date
- Joined
- Feb 27, 2003
- Messages
- 9,158
Thanks for the report. I've made a change to limit those ECC certs to just the 3 important variants, and simplified their naming:
They're related to this change in 1.61.0:
where DA gets the list from:
where it looks like your openssl has far more options that I've seen before 
Pre-release binaries are now available.
John
They're related to this change in 1.61.0:
where DA gets the list from:
Code:
openssl ecparam -list_curvesPre-release binaries are now available.
John
LawsHosting
Verified User
I only noticed this (I should actually read versions changelog) because a client mucked up their LE certificate...... I recreated it with the default key size and the browser complained about something (can't remember what).... So I chose 4096 and recreated it.
Do we need to do anything for these keys to work with browsers?
Do we need to do anything for these keys to work with browsers?
No, nothing special
Was it some outdated browser/OS (like windows xp?).
LawsHosting
Verified User
Latest Chrome and Win 10....... Might've been a cache issue..No, nothing special
I'll test on one of my dormant domains and report back.
LawsHosting
Verified User
The error happened again, but a few F5s, it started to run normally.
I want a user to be able to have access to ECC and RSA. What I want is the ability to set the default as an example to 2048 RSA.
Yes, ecc_certificates=1 is directadmin.conf option