summary
We have talked a lot about ECC (Elliptic Curve Cryptography) for the past year. Although the use of elliptic curves is not exactly new, their use in our industry is fairly recent: ECC is a new cryptographic algorithm used for key exchange and authentication purposes in the SSL/TLS protocols (see this previous blog article for more details).
It is expected that RSA – the current standard – will be replaced by ECC as its scalability is becoming an issue with the arrival of IoT (Internet of Things): explosion in number of devices, machine to machine (M2M) communications, ever-growing amount of data transfers, etc.
We expected this change to happen. This is why Symantec’s ECC roots have been added to all major root stores back in 2007. Most CAs followed years later.
ECC, RSA and compatibility
The reliability and performances of ECC no longer need to be demonstrated. However, a significant obstacle to the adoption of ECC lies on the lack of support for this relatively new algorithm in legacy products. While all modern servers and browser fully support ECC, some legacy system will not trust ECC roots, or will not be able to support ECC at all.
Browser compatibility (root ubiquity) as of today
| Client | ECC Support | Pure ECC | ECC & RSA Hybrid |
|---|---|---|---|
| PC |
Windows HP or older |
Not supported | Not supported |
| Windows Vista or newer | Supported | Supported | |
| Mac OSX | V10.9 or newer | V10.6 or newer | |
| Mobile | Android | Android 3.x or newer | Android 4.0 or newer |
| iOS | iOS 7.x or newer | iOS 3.x or newer | |
| Ecosystem | Server to Server | Depends on the customer environment | Depends on the customer environment |
Current Server compatibility as of today
| Vendor | Product | ECC CSR | ECC cert install |
|---|---|---|---|
| Mircrosoft | Win Server 2008 (IIS 7.0) or newer | Supported | Supported |
| Apache, nginx | OpenSSL 1.0.1e | Supported | Supported |
| Oracle | Sun Java System Web Server 7.0 | Supported | Supported |
| F5 | 11.5 or newer | Supported | Supported |
| IBM | HTTP Server 8.0 + PM80235 | Supported | Supported |
| Citrix | Netscaler | Not Supported | Not Supported |
There are devices and systems that are unable to proceed with ECC due to a trust deficit due to the missing trusted ECC root certificate and it is not always possible to upgrade, change servers or switch to another application easily. To overcome this issue, Symantec has created a solution for devices and systems that can support ECC but don’t have ECC roots in their trust stores: hybrid ECC/RSA hybrid SSL certificates.
Hybrid certificates use ECC for encryption and authentication but are chained to a well-trusted RSA root. Hybrid ECC/RSA certificates enable you to benefit from the best protection for your current infrastructure and mitigate potential compatibility issues at the same time.
How does it work?
It’s fairly simple: when you enroll, we give you the choice between a full ECC certification chain (fig.1) and a hybrid ECC/RSA certification chain (fig.2). The full ECC chain comprises of your ECC SSL certificate, signed by an ECC intermediate, signed by an ECC root.
Fig. 1:full ECC chain
In order to offer hybrid RSA/ECC certificates, we have created a new ECC intermediate signed by an RSA root. This intermediate can be installed as direct intermediate, or as a cross certificate to a full ECC chain.
The direct intermediate is the solution we recommend. You benefit from ECC encryption for your infrastructure, while using a globally trusted RSA root.
Fig.2: hybrid ECC/RSA chain
If you are unsure which certification path is made for you, or if you have questions or concerns, please contact us! We are happy to help and to advise.