If I get a certificate signed for ECDSA will older browsers be able to use RSA?


Have a look at this Q/A over on Information Security SE:

Is possible that a TLS server send more than one certificate to the client for the same site?

Strictly speaking, the server can send an arbitrary number of certificates to the client, as part of its Certificate message. However, as the standard says:

The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it.

Therefore, a really compliant server cannot send a choice of certificates to the client, and cannot expect clients to use any other certificate than the first one they send.

For signature algorithm support, there is a standard TLS extension specified in section 7.4.1.4.1, by which the client can tell the server, early in the handshake (in the ClientHello, which is the very first message of the procedure), which hash functions and signature algorithms it supports. This allows a server that owns, for instance, both an RSA-signed certificate and an ECDSA-signed certificate, to send one or the other, depending on what the client supports. This is typical of how things go in TLS: the client suggests, the server chooses.

(In practice, support for this extension is not yet widespread. But, also in practice, everybody uses RSA and supports RSA.)
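
The selection described in the answer above, as an added example that is not part of the original answer: a Python sketch that parses the signature_algorithms extension (type 13) out of a ClientHello extensions block and picks the RSA or ECDSA certificate. The function names, the treat-as-RSA-only policy when the extension is absent, and the sample byte strings are assumptions constructed for illustration.

```python
import struct

EXT_SIGNATURE_ALGORITHMS = 13   # extension type (RFC 5246, section 7.4.1.4.1)
SIG_RSA, SIG_ECDSA = 1, 3       # TLS 1.2 SignatureAlgorithm values

def parse_signature_algorithms(extensions: bytes):
    """Return [(hash, sig), ...] from a ClientHello extensions block (the bytes
    after its 2-byte total length), or None if the extension is absent."""
    pos = 0
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        if ext_type != EXT_SIGNATURE_ALGORITHMS:
            continue
        # Body: 2-byte list length, then one (hash, signature) byte pair per entry.
        if ext_len < 2 or struct.unpack_from("!H", body)[0] != ext_len - 2 or ext_len % 2:
            raise ValueError("malformed signature_algorithms list")
        return [(body[i], body[i + 1]) for i in range(2, ext_len, 2)]
    return None

def choose_certificate(extensions: bytes, have=("ecdsa", "rsa")):
    """Hypothetical server policy: prefer the ECDSA certificate when the client
    advertises ECDSA, otherwise RSA. Real servers also tie this to the cipher suite."""
    algs = parse_signature_algorithms(extensions)
    if algs is None:
        # Assumption: a client that omits the extension is treated as RSA-only.
        return "rsa" if "rsa" in have else None
    sigs = {sig for _hash, sig in algs}
    for name, code in (("ecdsa", SIG_ECDSA), ("rsa", SIG_RSA)):
        if name in have and code in sigs:
            return name
    return None  # no common signature algorithm: the handshake must fail

def make_ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body

def make_sig_algs(pairs) -> bytes:
    raw = bytes(b for pair in pairs for b in pair)
    return make_ext(EXT_SIGNATURE_ALGORITHMS, struct.pack("!H", len(raw)) + raw)

# Constructed sample inputs (not captured traffic).
CURVES = make_ext(10, b"\x00\x02\x00\x17")                  # supported curves: secp256r1
MODERN = CURVES + make_sig_algs([(4, 3), (4, 1), (2, 1)])   # sha256/ecdsa, sha256/rsa, sha1/rsa
LEGACY = CURVES + make_sig_algs([(2, 1)])                   # sha1/rsa only
NO_EXT = CURVES                                             # extension not sent
```

With both certificates configured, `choose_certificate(MODERN)` selects ECDSA while `LEGACY` and `NO_EXT` fall back to RSA; a server holding only an ECDSA certificate returns `None` for the latter two, which is the case the question worries about.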


Author: paintedbicycle

Updated on September 18, 2022

Comments

  • paintedbicycle over 1 year

    I'm looking into using ECDHE-ECDSA and there are a lot of great articles on why (https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/) and (http://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet), for example.

    Obviously the browser support isn't great, but Chrome 30, Internet Explorer 11 on Windows 8, Safari 7 on OS X 10.9, and Firefox 26 all support TLS 1.2.

    I have looked into a few CAs and only a few sign certificates for ECDSA (Verisign/Symantec does). My question is: if I get a certificate signed for ECDSA and in my cipher chain I fall back properly, will older browsers be able to use RSA?

    I have the feeling that the answer is no, because if you sign an RSA certificate, you can't use ECDSA, but I wanted to make sure before I ruled out ECDHE-ECDSA.

    Paul

  • dave_thompson_085 over 9 years
    See new comment on the security.SE question: if your server can configure both an RSA key&cert AND an ECDSA one (which depends on the server, Apache uses openssl and apparently can) then it can and must use the correct key&cert (sent as the first cert) for the ciphersuite negotiated.