Ensuring compatibility without compromising security: the case of ECC/RSA hybrid certificates

Twitter Card Style: 

summary

We have talked a lot about ECC (Elliptic Curve Cryptography) for the past year. Although the use of elliptic curves is not exactly new, their use in our industry is fairly recent: ECC is a new cryptographic algorithm used for key exchange and authentication purposes in the SSL/TLS protocols (see this previous blog article for more details). 

It is expected that RSA – the current standard – will be replaced by ECC as its scalability is becoming an issue with the arrival of IoT (Internet of Things):  explosion in number of devices, machine to machine (M2M) communications, ever-growing amount of data transfers, etc.

We expected this change to happen. This is why Symantec’s ECC roots have been added to all major root stores back in 2007. Most CAs followed years later.

ECC, RSA and compatibility

The reliability and performances of ECC no longer need to be demonstrated. However, a significant obstacle to the adoption of ECC lies on the lack of support for this relatively new algorithm in legacy products.  While all modern servers and browser fully support ECC, some legacy system will not trust ECC roots, or will not be able to support ECC at all.

Browser compatibility (root ubiquity) as of today

Client ECC Support Pure ECC ECC & RSA Hybrid
PC

Windows HP or older

Not supported Not supported
  Windows Vista or newer Supported Supported
  Mac OSX V10.9 or newer V10.6 or newer
Mobile Android Android 3.x or newer Android 4.0 or newer
  iOS iOS 7.x or newer iOS 3.x or newer
Ecosystem Server to Server Depends on the customer environment Depends on the customer environment

Current Server compatibility as of today

Vendor Product ECC CSR ECC cert install
Mircrosoft Win Server 2008 (IIS 7.0) or newer Supported Supported
Apache, nginx OpenSSL 1.0.1e Supported Supported
Oracle Sun Java System Web Server 7.0 Supported Supported
F5 11.5 or newer Supported Supported
IBM HTTP Server 8.0 + PM80235 Supported Supported
Citrix Netscaler Not Supported Not Supported

There are devices and systems that are unable to proceed with ECC due to a trust deficit due to the missing trusted ECC root certificate and it is not always possible to upgrade, change servers or switch to another application easily. To overcome this issue, Symantec has created a solution for devices and systems that can support ECC but don’t have ECC roots in their trust stores: hybrid ECC/RSA hybrid SSL certificates.

Hybrid certificates use ECC for encryption and authentication but are chained to a well-trusted RSA root. Hybrid ECC/RSA certificates enable you to benefit from the best protection for your current infrastructure and mitigate potential compatibility issues at the same time.

How does it work?

It’s fairly simple: when you enroll, we give you the choice between a full ECC certification chain (fig.1) and a hybrid ECC/RSA certification chain (fig.2). The full ECC chain comprises of your ECC SSL certificate, signed by an ECC intermediate, signed by an ECC root.

ECC - RSA chains-01.jpeg

Fig. 1:full ECC chain

In order to offer hybrid RSA/ECC certificates, we have created a new ECC intermediate signed by an RSA root. This intermediate can be installed as direct intermediate, or as a cross certificate to a full ECC chain.

The direct intermediate is the solution we recommend. You benefit from ECC encryption for your infrastructure, while using a globally trusted RSA root.

ECC - RSA chains-02.jpeg

Fig.2: hybrid ECC/RSA chain

If you are unsure which certification path is made for you, or if you have questions or concerns, please contact us! We are happy to help and to advise.

Leave a Reply