Add support for getting RSA3072 certificates #9

Closed
opened 2019-11-19 05:52:20 +00:00 by Ghost · 5 comments

After the migration to GreenLock v3, I can no longer get RSA3072 certificates from Let's Encrypt. It seems the only two modes supported now are ["RSA-2048", "P-256"]. Any way to add an RSA-3072 mode back? - Thanks.

Owner

Yes and no.

That it happened to work before is coincidence. RSA-2048 is recommended. RSA-3072 is NOT recommended.

Most cloud providers don't allow certificates > RSA-2048 (too much CPU spend and increase in latency on TLS handshakes).

You can provide RSA-3072 and it will create the JWKs as per spec recommendations (with the accompanying SHA-384 hash), but again, I think it was just pure accident that Let's Encrypt didn't block bad RSA-3072 configurations before, because Greenlock v2 had verifiably broken 3072 support and I don't think Let's Encrypt supports 3072 in the proper configuration.

So, while this implementation is compatible with a hypothetical future version of a Let's Encrypt server that fully supports RSA-3072 and RSA-4096... I don't think such a server exists yet.

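The CPU-cost point in the comment above can be measured directly. The following is an added example, not part of the thread and not Greenlock code; it uses Node's built-in `crypto` module, and the function names, sample message and iteration count are assumptions.

```javascript
// Added example, not Greenlock code. Key sizes come from the thread;
// function names, the message and the iteration count are assumptions.
const crypto = require('crypto');

// Generate an RSA key of `bits` and time `iterations` private-key
// signatures, the kind of operation a TLS server performs in each
// full handshake.
function measureRsa(bits, iterations = 200) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicExponent: 0x10001,
  });
  // Constructed input standing in for the data a server would sign.
  const message = Buffer.from('constructed handshake transcript stand-in');

  let signature;
  const start = process.hrtime.bigint();
  for (let i = 0; i < iterations; i++) {
    signature = crypto.sign('sha256', message, privateKey);
  }
  const elapsedNs = process.hrtime.bigint() - start;

  return {
    bits,
    signatureBytes: signature.length, // equals the modulus size in bytes
    verified: crypto.verify('sha256', message, publicKey, signature),
    msPerSign: Number(elapsedNs) / 1e6 / iterations,
  };
}

// Measure each size and express its cost relative to the first one.
function compareKeySizes(sizes = [2048, 3072], iterations = 200) {
  const results = sizes.map((bits) => measureRsa(bits, iterations));
  const base = results[0].msPerSign;
  return results.map((r) => ({ ...r, relativeCost: r.msPerSign / base }));
}

console.table(compareKeySizes());
```

The `relativeCost` column shows how much more signing time the larger key needs on the machine running the script; absolute numbers vary with hardware and the OpenSSL build.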
Author

Oh, very interesting. I do understand the CPU requirements concern. Especially when dealing with a free service, one must take care not to abuse. I will close this issue, RSA2048 is plenty. Many thanks.

Ghost closed this issue 2019-11-19 06:08:51 +00:00
Owner

Keep in mind that we're still somewhere between several decades and a few hundred years away from any reasonable ability to break RSA-1024, which means that we're... several hundred millennia away from being able to break RSA-2048.

RSA-3072 is gross overtaxing of CPU cycles for a problem that will most likely never exist (especially considering that transistors only have 2-3 generations left before we're at the atom, from which we literally can't get any smaller).

And if it ever does exist, it will probably be due to a completely different computer architecture (i.e. if quantum computers are ever able to actually solve discrete math problems) which will likely require not just a "stronger" key, but an algorithm that follows entirely different principles.

Owner

👍

Author

Understood. There are many discussions about this online, no need for this here. Again, many thanks for your support of this library.

Reference: root/greenlock.js#9