Consider making p256 the default certificate key_type #2650

Closed
april opened this issue Jun 20, 2019 · 3 comments
Labels
documentation 📚 Improvements or additions to documentation feature ⚙️ New feature or request

@april

april commented Jun 20, 2019

I'm not sure if this is the ideal place to post this, but I just wanted to give people a heads-up that Mozilla's future "Server Side TLS" guidelines will recommend ECDSA certificates for the Intermediate configuration level. This is one of the most commonly used TLS configurations for servers across the internet.

mozilla/server-side-tls#178
https://ssl-config.mozilla.org/

In our research, we found that ECDSA and RSA certificates were equally compatible with the vast majority of clients across the internet, comprising this set of clients:

  • Android 4.4.2+, released October 2013
  • Chrome 31+, released August 2016
  • Firefox 27+, released February 2014
  • IE 11 (Win 7 and Win 10), released October 2013
  • Edge (all versions)
  • Java 8u31+, released January 2015
  • OpenSSL 1.0.1+, released March 2012
  • Safari 9+, released September 2015

The reason why we are recommending ECDSA certificates over RSA certificates is that they give IE11 clients on Windows 7 access to ECDHE for key exchange; with RSA they are limited to classic DHE.

Please let me know if you have any questions! Thanks!

@mholt
Member

mholt commented Jun 20, 2019

Hi April!

Caddy should already be issuing ECC certificates by default. (Renewals of existing certs use the existing key type, though, so the Caddy website is still on RSA, for example.)

I just tested against LE staging and confirmed this is the case. However, if you find otherwise, please let me know and I'll get it fixed!

@mholt mholt closed this as completed Jun 20, 2019
@april
Author

april commented Jun 20, 2019

Oh, awesome! You may want to update your docs:

key_type is the type of key to use when generating keys for certificates (only applies to managed or TLS or self-signed certificates). Valid values are rsa2048, rsa4096, rsa8192, p256, and p384. Default is currently rsa2048.

Thanks, @mholt!
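The thread above turns on which key type a server is actually issuing: the documented `key_type` values are rsa2048, rsa4096, rsa8192, p256 and p384, and mholt verified the real default by testing against the Let's Encrypt staging environment. The following is an added example, not Caddy's code and not part of this issue, showing how to perform the same check offline by reading the SubjectPublicKeyInfo of a certificate and mapping it onto those key_type names. The sample SPKIs are constructed in the block (the EC point and the RSA modulus are placeholder bytes, not real keys); the DER encoder exists only to build those samples, while `spki_key_type` is the actual check and works on the SPKI of any real certificate.

```python
"""Classify an X.509 SubjectPublicKeyInfo (SPKI) into Caddy-style key_type
names (rsa2048, p256, p384, ...) and compare it against an allowed list.
Added example; the sample keys below are constructed placeholders."""

# DER-encoded OID contents for the algorithms the key_type setting covers.
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")       # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")        # 1.2.840.10045.3.1.7 (P-256)
OID_SECP384R1 = bytes.fromhex("2b81040022")               # 1.3.132.0.34 (P-384)

CURVE_NAMES = {OID_PRIME256V1: "p256", OID_SECP384R1: "p384"}


def der_read(buf, pos=0):
    """Read one DER TLV starting at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split the contents of a SEQUENCE into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = der_read(value, pos)
        out.append((tag, v))
    return out


def spki_key_type(spki):
    """Return the key_type name for a DER SubjectPublicKeyInfo."""
    tag, body, _ = der_read(spki)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    algorithm, subject_pk = der_children(body)[:2]
    alg_fields = der_children(algorithm[1])
    alg_oid = alg_fields[0][1]
    if alg_oid == OID_EC_PUBLIC_KEY:
        # For EC keys the algorithm parameters are the named-curve OID.
        return CURVE_NAMES.get(alg_fields[1][1], "ec-unknown")
    if alg_oid == OID_RSA_ENCRYPTION:
        # BIT STRING: first octet is the unused-bit count, then RSAPublicKey.
        rsa_pub = der_read(subject_pk[1][1:])[1]
        modulus_bytes = der_children(rsa_pub)[0][1]
        return f"rsa{int.from_bytes(modulus_bytes, 'big').bit_length()}"
    return "unknown"


def check_key_policy(spki, allowed=("p256", "p384")):
    """Return (key_type, True/False) for whether the key meets the policy."""
    key_type = spki_key_type(spki)
    return key_type, key_type in allowed


# --- helpers to construct sample SPKIs (encoder side, for test data only) ---

def der_encode(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def der_integer(i):
    b = i.to_bytes((i.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:  # keep the INTEGER positive
        b = b"\x00" + b
    return der_encode(0x02, b)


def make_ec_spki(curve_oid, point):
    alg = der_encode(0x30, der_encode(0x06, OID_EC_PUBLIC_KEY) + der_encode(0x06, curve_oid))
    return der_encode(0x30, alg + der_encode(0x03, b"\x00" + point))


def make_rsa_spki(modulus, exponent=65537):
    alg = der_encode(0x30, der_encode(0x06, OID_RSA_ENCRYPTION) + der_encode(0x05, b""))
    rsa_pub = der_encode(0x30, der_integer(modulus) + der_integer(exponent))
    return der_encode(0x30, alg + der_encode(0x03, b"\x00" + rsa_pub))


# Constructed samples: placeholder points/modulus with the right sizes, not real keys.
SAMPLE_P256 = make_ec_spki(OID_PRIME256V1, b"\x04" + bytes(range(64)))
SAMPLE_P384 = make_ec_spki(OID_SECP384R1, b"\x04" + bytes(range(96)))
SAMPLE_RSA2048 = make_rsa_spki((1 << 2047) | 1)

if __name__ == "__main__":
    for name, spki in [("p256", SAMPLE_P256), ("p384", SAMPLE_P384), ("rsa2048", SAMPLE_RSA2048)]:
        print(name, check_key_policy(spki))
```

To run this against a real server, extract the SPKI from the leaf certificate (for example with `openssl x509 -pubkey -noout` and base64-decoding the result) and pass the DER bytes to `check_key_policy`; an RSA result on a host whose config expects p256 indicates a renewal that kept an older key type, as the thread notes happens for existing certificates.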

@mholt mholt added the documentation 📚 Improvements or additions to documentation label Jun 20, 2019
@mholt
Member

mholt commented Jun 20, 2019

Oops, yep, you're right! Did that just now, will go out with next site release.
