Hi All,

In the past, with TLS .1.1/1.2, It's suggested to add both ECC/RSA certificate to web server to make sure if browser support, use ECC certificate to speed up the web site and if browser not support the fail back to RSA certificate.

Now I'm trying to enable TLS 1.3 for my website. But it seems TLS 1.3 doesn't support ECC certificate. All the ssl_cipher for TLS 1.3 are as following:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

So to get a better performance and speed, what's the suggested order?

TLS 1.3 with RSA certificate
TLS 1.2/1.1 with ECC certificate
TLS 1.2/1.1 with RSA certificate

or

TLS 1.2/1.1 with ECC certificate
TLS 1.3 with RSA certificate
TLS 1.2/1.1 with RSA certificate

Then what's the suggested ssl_ciphers order?

Fond the answer:

The new ciphersuites are defined differently and do not specify the certificate type (e.g. RSA, DSA, ECDSA) or the key exchange mechanism (e.g. DHE or ECHDE). This has implications for ciphersuite configuration.

So only need to put TLS 1.3 ciphers into the list.