New SSL/TLS key type in WHM/cPanel

M

MindServer

Well-Known Member
Mar 18, 2020
246
32
28
Spain
cPanel Access Level
Root Administrator
Hi friends,

In the new WHM version (92.0.6) they added a new SSL/TLS Key Type:

---------------------------------------------

1- RSA, 2,048-bit (old and default key type) -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. New installations of cPanel & WHM ship with this setting.
2- ECDSA, P-384 (secp384r1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. secp384r1 is more secure than prime256v1, but may perform slower. ECDSA is recommended for systems running LSWS.
3- ECDSA, P-256 (prime256v1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. ECDSA is recommended for systems running LSWS.
4- RSA, 4,096-bit -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. This is more secure than RSA, 2,048-bit, but will perform slower than RSA, 2,048-bit keys.

More information: https://docs.cpanel.net/knowledge-base/security/ssl-tls-key-types/

---------------------------------------------

You can see that the new key types (ECDSA) are more fast and recommended for LiteSpeed Web Server than the default key type (RSA). However the new key types (ECDSA) have this disadvantage: "Newer and not currently as widely-adopted as RSA keys".

Anybody tested him?, this new key types can create any problem in the websites or other tools that use SSL? (FTP, SSH, Email, etc.). I doing some tests before execute this update.

Thank you very much. Have a nice day!
 
Last edited by a moderator:
  • Like
Reactions: JordanHall
J

JordanHall

Registered
Jan 15, 2021
1
0
1
Toronto
cPanel Access Level
Website Owner
MindServer said:
Hi friends,

In the new WHM version (92.0.6) they added a new SSL/TLS Key Type:

---------------------------------------------

1- RSA, 2,048-bit (old and default key type) -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. New installations of cPanel & WHM ship with this setting.
2- ECDSA, P-384 (secp384r1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. secp384r1 is more secure than prime256v1, but may perform slower. ECDSA is recommended for systems running LSWS.
3- ECDSA, P-256 (prime256v1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. ECDSA is recommended for systems running LSWS.
4- RSA, 4,096-bit -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. This is more secure than RSA, 2,048-bit, but will perform slower than RSA, 2,048-bit keys.

More information: https://docs.cpanel.net/knowledge-base/security/ssl-tls-key-types/site/

---------------------------------------------

You can see that the new key types (ECDSA) are more fast and recommended for LiteSpeed Web Server than the default key type (RSA). However the new key types (ECDSA) have this disadvantage: "Newer and not currently as widely-adopted as RSA keys".

Anybody tested him?, this new key types can create any problem in the websites or other tools that use SSL? (FTP, SSH, Email, etc.). I doing some tests before execute this update.

Thank you very much. Have a nice day!
Click to expand...
Is it still relevant or not?
 
F

Football24

Registered
Jan 13, 2022
1
0
1
Wales
cPanel Access Level
Website Owner
Hi friends,

In the new WHM version (92.0.6) they added a new SSL/TLS Key Type:

---------------------------------------------

1- RSA, 2,048-bit (old and default key type) -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. New installations of cPanel & WHM ship with this setting.
2- ECDSA, P-384 (secp384r1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. secp384r1 is more secure than prime256v1, but may perform slower. ECDSA is recommended for systems running LSWS.
3- ECDSA, P-256 (prime256v1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. ECDSA is recommended for systems running LSWS.
4- RSA, 4,096-bit -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. This is more secure than RSA, 2,048-bit, but will perform slower than RSA, 2,048-bit keys.

More information: https://docs.cpanel.net/knowledge-base/security/ssl-tls-key-types/site/

---------------------------------------------

You can see that the new key types (ECDSA) are more fast and recommended for LiteSpeed Web Server than the default key type (RSA). However the new key types (ECDSA) have this disadvantage: "Newer and not currently as widely-adopted as RSA keys".

Anybody tested him?, this new key types can create any problem in the websites or other tools that use SSL? (FTP, SSH, Email, etc.). I doing some tests before execute this update.

Thank you very much. Have a nice day!

Just following up on what Jordan was asking - Is it still relevant or not?
 
S

sarahbaranowski

Registered
Jul 13, 2022
1
0
0
Ontario
cPanel Access Level
DataCenter Provider
MindServer said:
Hi friends,

In the new WHM version (92.0.6) they added a new SSL/TLS Key Type:

---------------------------------------------

1- RSA, 2,048-bit (old and default key type) -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. New installations of cPanel & WHM ship with this setting.
2- ECDSA, P-384 (secp384r1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. secp384r1 is more secure than prime256v1, but may perform slower. ECDSA is recommended for systems running LSWS.
3- ECDSA, P-256 (prime256v1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. ECDSA is recommended for systems running LSWS.
4- RSA, 4,096-bit -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. This is more secure than RSA, 2,048-bit, but will perform slower than RSA, 2,048-bit keys.

More information: https://docs.cpanel.net/knowledge-base/security/ssl-tls-key-types/page/

---------------------------------------------

You can see that the new key types (ECDSA) are more fast and recommended for LiteSpeed Web Server than the default key type (RSA). However the new key types (ECDSA) have this disadvantage: "Newer and not currently as widely-adopted as RSA keys".

Anybody tested him?, this new key types can create any problem in the websites or other tools that use SSL? (FTP, SSH, Email, etc.). I doing some tests before execute this update.

Thank you very much. Have a nice day!
Click to expand...
Does it work for a new version IE?
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
amstel SSL/TLS: Renegotiation DoS Vulnerability Security 3
K SSL/TLS Weak Key Exchange Supported? Security 6
T SSL/TLS EDIT Security 3
Spirogg In Progress CPANEL-40511 - SSL/TLS CONFIGURATION - how can we configure hostname SSL/TLS Configuration to RSA, 4,096-bit Security 4
R SSL/TLS Wizard reports HTTP DCV is wrong for wildcards Security 1
Similar threads
SSL/TLS: Renegotiation DoS Vulnerability
SSL/TLS Weak Key Exchange Supported?
SSL/TLS EDIT
In Progress CPANEL-40511 - SSL/TLS CONFIGURATION - how can we configure hostname SSL/TLS Configuration to RSA, 4,096-bit
SSL/TLS Wizard reports HTTP DCV is wrong for wildcards
Top Bottom