Use ECDSA P-256 instead of 4096-bit RSA for 'tls ephemeral' (!5627) · Merge requests · ISC Open Source Projects / BIND

Arаm Sаrgsyаn requested to merge 2264-tls-ephemeral-rsa-to-ecc into main Dec 08, 2021

ECDSA P-256 performs considerably better than the previously used 4096-bit RSA (can be observed using openssl speed), and, according to RFC 6605, provides a security level comparable to 3072-bit RSA.

Closes #2264 (closed)

Use ECDSA P-256 instead of 4096-bit RSA for 'tls ephemeral'

Merge request reports