Blogs

    Publish
     
      • Ensuring compatibility without compromising security: the case of ECC/RSA hybrid certificates

        Mar 29 2018, 10:33 PM

        by Charlotte Pommier 0

        We have talked a lot about ECC (Elliptic Curve Cryptography) for the past year. Although the use of elliptic curves is not exactly new, their use in our industry is fairly recent: ECC is a new cryptographic algorithm used for key exchange and authentication purposes in the SSL/TLS protocols (see this previous blog article for more details). 

        It is expected that RSA – the current standard - will be replaced by ECC as its scalability is becoming an issue with the arrival of IoT (Internet of Things):  explosion in number of devices, machine to machine (M2M) communications, ever-growing amount of data transfers, etc.

        We expected this change to happen. This is why Symantec’s ECC roots have been added to all major root stores back in 2007. Most CAs followed years later.

        ECC, RSA and compatibility

        The reliability and performances of ECC no longer need to be demonstrated. However, a significant obstacle to the adoption of ECC lies on the lack of support for this relatively new algorithm in legacy products.  While all modern servers and browser fully support ECC, some legacy system will not trust ECC roots, or will not be able to support ECC at all.

        Browser compatibility (root ubiquity) as of today

        Client ECC Support Pure ECC ECC & RSA Hybrid
        PC Windows XP or older Not supported Not supported
          Windows Vista or newer Supported Supported
          Mac OSX V10.9 or newer V10.6 or newer
        Mobile Android Android 3.x or newer Android 4.0 or newer
          iOS iOS 7.x or newer iOS 3.x or newer
        Ecosystem Server to Server Depends on the customer environment Depends on the customer environment

        Current Server compatibility as of today

        Vendor Product ECC CSR ECC cert install
        Microsoft Win Server 2008 (IIS 7.0) or newer Supported Supported
        Apache, nginx OpenSSL 1.0.1e Supported Supported
        Oracle Sun Java System Web Server 7.0 Supported Supported
        F5 11.5 or newer Supported Supported
        IBM HTTP Server 8.0 + PM80235 Supported Supported
        Citrix Netscaler Not Supported Not Supported

        There are devices and systems that are unable to proceed with ECC due to a trust deficit due to the missing trusted ECC root certificate and it is not always possible to upgrade, change servers or switch to another application easily. To overcome this issue, Symantec has created a solution for devices and systems that can support ECC but don’t have ECC roots in their trust stores: hybrid ECC/RSA hybrid SSL certificates.

        Hybrid certificates use ECC for encryption and authentication but are chained to a well-trusted RSA root. Hybrid ECC/RSA certificates enable you to benefit from the best protection for your current infrastructure and mitigate potential compatibility issues at the same time.

        How does it work?

        It’s fairly simple: when you enroll, we give you the choice between a full ECC certification chain (fig.1) and a hybrid ECC/RSA certification chain (fig.2). The full ECC chain comprises of your ECC SSL certificate, signed by an ECC intermediate, signed by an ECC root.

        ECC - RSA chains-01.jpg

        Fig. 1:full ECC chain

        In order to offer hybrid RSA/ECC certificates, we have created a new ECC intermediate signed by an RSA root. This intermediate can be installed as direct intermediate, or as a cross certificate to a full ECC chain.

        The direct intermediate is the solution we recommend. You benefit from ECC encryption for your infrastructure, while using a globally trusted RSA root.

        ECC - RSA chains-02.jpg

        Fig.2: hybrid ECC/RSA chain

        If you are unsure which certification path is made for you, or if you have questions or concerns, please contact us! We are happy to help and to advise.

        • Products
        • website security solutions
        • DigiCert SSL TLS Certificates
        • Products and Solutions