Hello,


I noticed that after Chromium 594356 build (71.0.3563.0) it favors RSA
certificates over ECC certificates.


Windows x86-64:

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594356/

https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/594369/


I don't get the idea from the changes in the source code. I'm curious to
know why, since obviously ECC certificates are smaller than RSA
certificates.


Let’s Encrypt

ECC 384 (E1)

RSA 4096 (R3)

nginx.conf:
        ssl_stapling         on;
        resolver             8.8.8.8 1.1.1.1 valid=300s;
        ssl_stapling_verify  on;

        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  1d;

        ssl_protocols        TLSv1.2 TLSv1.3;
        ssl_ciphers
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_ecdh_curve       secp384r1;

        ssl_early_data       on;

_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org