roles/certbot/files/certbot-renewal.service · 5d736b89e0f5894a4805fe90cd76474dae6ce5dd · Arch Linux / infrastructure

8 months ago

certbot: Use ECDSA (P-256) certificates, not RSA · fb1f0354

Jan Alexander Steffens (heftig) authored 8 months ago

certbot switched to ECDSA by default about two years ago, following
[recommended practices][1].

We are currently using RSA with 4096 bits, which is extremely slow to
sign. Using ECDSA should give us a nice speedup.

[1]: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

fb1f0354

History

certbot: Use ECDSA (P-256) certificates, not RSA

Jan Alexander Steffens (heftig) authored 8 months ago

certbot switched to ECDSA by default about two years ago, following
[recommended practices][1].

We are currently using RSA with 4096 bits, which is extremely slow to
sign. Using ECDSA should give us a nice speedup.

[1]: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

Code owners

Assign users and groups as approvers for specific file changes. Learn more.

Admin message