kernow

Well-Known Member
cPanel Access Level
Root Administrator
I read that in version 92 'cPanel & WHM now supports ECDSA keys' (92 release notes).
Why not ED25519 ?? which uses an elliptic curve signature scheme, and so offers better security than ECDSA and has been available for a few years now. cPanel frequently seems to be behind the curve when it comes to security matters :(
For those system admins interested in using ED25519 for SSH Keys there's a good howto here
No, I won't be submitting a feature request because it will be years before you get round to it, and besides better security shouldn't be a feature request.
 

cPanelLauren

Product Owner II
Staff member
Hi @kernow

Yes, that is correct, we do now support ECDSA keys for SSL certificates in v92.


kernow said:
Why not ED25519 ?? which uses an elliptic curve signature scheme, and so offers better security than ECDSA and has been available for a few years now. cPanel frequently seems to be behind the curve when it comes to security matters :(
For those system admins interested in using ED25519 for SSH Keys there's a good howto here
I believe there may be some confusion and I'd like to clarify. As far as ED25519 goes, we've supported ED25519 and ECDSA keys for SSH since v58 of cPanel and WHM with case ID CPANEL-5294 (58 Change Log | cPanel & WHM Documentation).

We do not currently support ED25519 keys for SSL certificates since ED25519 as a whole is not supported for SSL certificates at this time. Please see the following:


https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.7.3.pdf said:
6.1.5 Key sizes
For RSA key pairs the CA SHALL:
• Ensure that the modulus size, when encoded, is at least 2048 bits, and;
• Ensure that the modulus size, in bits, is evenly divisible by 8.
For ECDSA key pairs, the CA SHALL:
• Ensure that the key represents a valid point on the NIST P-256, NIST P-384 or NIST P-521 elliptic curve.
No other algorithms or key sizes are permitted.
6.1.6 Public key parameters generation and
As always, we will re-evaluate support of this if/when it becomes standardized.
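
The key rules in the Baseline Requirements excerpt quoted above, written as a check on a public key. This is an added Go example, not part of the thread and not cPanel's code; the function name `checkBRKey` is hypothetical and the keys in `main` are generated sample input.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// checkBRKey (hypothetical name) applies the quoted section 6.1.5 text to a
// public key, e.g. the PublicKey field of a parsed x509.CertificateRequest.
func checkBRKey(pub crypto.PublicKey) error {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits := k.N.BitLen()
		if bits < 2048 {
			return fmt.Errorf("RSA modulus is %d bits, minimum is 2048", bits)
		}
		if bits%8 != 0 {
			return fmt.Errorf("RSA modulus size %d is not divisible by 8", bits)
		}
		return nil
	case *ecdsa.PublicKey:
		switch k.Curve {
		case elliptic.P256(), elliptic.P384(), elliptic.P521():
			if k.Curve.IsOnCurve(k.X, k.Y) {
				return nil
			}
			return errors.New("ECDSA key is not a valid point on its curve")
		}
		return errors.New("ECDSA curve is not NIST P-256, P-384 or P-521")
	default: // Ed25519 and anything else: "No other algorithms ... are permitted."
		return fmt.Errorf("key type %T is not permitted", pub)
	}
}

func main() {
	// Keys generated here are constructed sample input.
	ec, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	edPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Println("ECDSA P-256:", checkBRKey(&ec.PublicKey))
	fmt.Println("Ed25519:    ", checkBRKey(edPub))
}
```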