New SSL/TLS key type in WHM/cPanel

MindServer

Well-Known Member
Mar 18, 2020
200
30
28
Spain
cPanel Access Level
Root Administrator
Hi friends,

In the new WHM version (92.0.6) they added a new SSL/TLS Key Type:

---------------------------------------------

1- RSA, 2,048-bit (old and default key type) -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. New installations of cPanel & WHM ship with this setting.
2- ECDSA, P-384 (secp384r1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. secp384r1 is more secure than prime256v1, but may perform slower. ECDSA is recommended for systems running LSWS.
3- ECDSA, P-256 (prime256v1) -> ECDSA allows websites to support Internet Explorer 11 and retain compliance with PCI standards. ECDSA is recommended for systems running LSWS.
4- RSA, 4,096-bit -> RSA is more compatible with older clients (for example, browsers older than Internet Explorer 11) than ECDSA. This is more secure than RSA, 2,048-bit, but will perform slower than RSA, 2,048-bit keys.

More information: https://docs.cpanel.net/knowledge-base/security/ssl-tls-key-types/

---------------------------------------------

You can see that the new key types (ECDSA) are faster than the default key type (RSA) and are recommended for LiteSpeed Web Server. However, the new key types (ECDSA) have this disadvantage: "Newer and not currently as widely-adopted as RSA keys".

Has anybody tested them? Can these new key types create any problems in the websites or other tools that use SSL (FTP, SSH, email, etc.)? I am doing some tests before executing this update.

Thank you very much. Have a nice day!
 
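Added example (not part of the original post and not cPanel's code): a way to check offline whether a client's TLS 1.2 cipher list can authenticate against each of the four key types listed above, using Python's standard `ssl` module. The two client cipher strings are constructed for illustration, and the result assumes the server presents only a certificate of the selected key type.

```python
import ssl

# The four WHM key types from the post, mapped to the certificate
# authentication family a TLS 1.2 cipher suite must offer for them.
WHM_KEY_TYPES = {
    "RSA, 2,048-bit": "auth-rsa",
    "ECDSA, P-384 (secp384r1)": "auth-ecdsa",
    "ECDSA, P-256 (prime256v1)": "auth-ecdsa",
    "RSA, 4,096-bit": "auth-rsa",
}

# Constructed client profiles (hypothetical cipher strings, not from the thread).
CLIENTS = {
    "legacy RSA-only client": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384",
    "modern client": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256",
}


def client_auth_families(cipher_string):
    """Return the certificate families ('auth-rsa', 'auth-ecdsa') accepted by
    a TLS <= 1.2 client configured with this OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {
        c["auth"]
        for c in ctx.get_ciphers()
        # TLS 1.3 suites are always listed and do not encode a certificate
        # type, so they are left out of this TLS 1.2 check.
        if c["protocol"] != "TLSv1.3"
    }


def compatibility(cipher_string):
    """Map each WHM key type to True if this client can authenticate it."""
    families = client_auth_families(cipher_string)
    return {name: fam in families for name, fam in WHM_KEY_TYPES.items()}


if __name__ == "__main__":
    for label, ciphers in CLIENTS.items():
        print(label)
        for key_type, ok in compatibility(ciphers).items():
            status = "ok" if ok else "no shared cipher suite"
            print(f"  {key_type:28} {status}")
```

The same check applies to any TLS service that shares the certificate (web, FTP over TLS, mail), since the mismatch is between the client's cipher list and the certificate's key type rather than the protocol carried inside TLS.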

JordanHall

Registered
Jan 15, 2021
1
0
1
Toronto
cPanel Access Level
Website Owner
Is it still relevant or not?