AUTOSSL with 4096-bit Encryption?

[Nicola Urbinati]

Hi,

Is it possible in any way, to make AutoSSL with letsencrypt to provide 4096 certs for the domains?

Thank you.

 

[cPanelMichael]

Hello @Nicola Urbinati,

It's not possible at this time, but I encourage you to vote and add feedback to the existing feature request at:

AutoSSL with 4096 bit option

Thank you.

 

[Nicola Urbinati]

Well, that's two years old, and nothing's moving, but let's wait and hope.

 

[cPanelMichael]

Hello @Nicola Urbinati,

Could you add a comment to that feature request to let us know the specific reason you'd like to see support for 4096-bit keys added? This type of information is helpful to Development when evaluating which features to implement.

Thank you.

 

[janipewter]

4096 bit RSA is overkill and unnecessary, and it just adds a massive performance hit on busy webservers. I used to solely use 4096 bit RSA keys on all my non-cPanel hosting, until I realised that actually it is not currently feasible to crack even 2048 bit RSA. For the performance penalty, using 4096 is simply not worth it.

A far, far better option would be for cPanel to add support for ECDSA keys, and then you could use 384 bit EC key, which is much faster and more secure than 4096 bit RSA.

 

[martin MHC]

I agree entirely with janipewter stating that ECDSA would be better.

There is a feature request for this here:
CPanel to add support for ECDSA (ECC) HTTPS SSL certificates