Hybrid RSA and ECDSA certificates with NginX

NginX version 1.11.0 just became available and that means we can now serve both RSA and ECDSA certificates for maximum performance without having to drop support for older clients.


As I noted a couple of days ago, the 1.11.0 release of NginX was set to provide the ability to use both RSA and ECDSA certificates to clients.

The new version of NginX is available for download now and you can go ahead and grab the source. Here is the appropriate section from the change log that we're looking for.

Feature: the "ssl_certificate" and "ssl_certificate_key" directives can be specified multiple times to load certificates of different types (for example, RSA and ECDSA).

If you need instructions on how to build NginX from source, my blog on PageSpeed has the details so check that out. Once you have built the new version, adding support for hybrid RSA and ECDSA certificates is easy! You go from this:

ssl_certificate /path/to/rsa.crt;
ssl_certificate_key /path/to/rsa.key;

To this:

ssl_certificate /path/to/rsa.crt;
ssl_certificate_key /path/to/rsa.key;
ssl_certificate /path/to/ecdsa.crt;
ssl_certificate_key /path/to/ecdsa.key;

That's it! NginX will choose the appropriate key and certificate to use based on the capabilities the client advertises in the ClientHello, so you can use the faster ECDSA certificate for capable clients and gracefully fall back to RSA for older clients. Job done! If you need some details on how to get set up with certificates then I have a blog on getting started with Let's Encrypt that will get you set up with an RSA certificate and another blog on getting ECDSA certificates with Let's Encrypt. All of the above linked articles will cover everything you need to get going.
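A quick sanity check before reloading: the directives only work if every ssl_certificate is paired with an ssl_certificate_key in the same order and the two keys really are of different types. The script below is an added example, not code from the original post or from NginX; it pairs the directives the way NginX reads them and classifies each key from its PEM label, falling back to the algorithm OID for PKCS#8 "BEGIN PRIVATE KEY" files. The config paths and the two key files are constructed sample input, not real keys.

```python
import base64
import re

# DER-encoded OIDs that identify the algorithm inside a PKCS#8 PrivateKeyInfo:
# rsaEncryption (1.2.840.113549.1.1.1) and id-ecPublicKey (1.2.840.10045.2.1).
OID_RSA = bytes.fromhex("2a864886f70d010101")
OID_EC = bytes.fromhex("2a8648ce3d0201")

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def key_type_from_pem(pem):
    """Classify a private key PEM as 'RSA', 'ECDSA' or 'unknown'."""
    m = PEM_RE.search(pem)
    if not m:
        return "unknown"
    label, body = m.group(1), m.group(2)
    if label == "RSA PRIVATE KEY":       # traditional PKCS#1 label
        return "RSA"
    if label == "EC PRIVATE KEY":        # traditional SEC1 label
        return "ECDSA"
    if label == "PRIVATE KEY":           # PKCS#8: look at the AlgorithmIdentifier
        der = base64.b64decode("".join(body.split()))
        if OID_RSA in der:
            return "RSA"
        if OID_EC in der:
            return "ECDSA"
    return "unknown"


def parse_cert_pairs(conf):
    """Pair ssl_certificate/ssl_certificate_key directives in file order."""
    certs = re.findall(r"^\s*ssl_certificate\s+(\S+?);", conf, re.M)
    keys = re.findall(r"^\s*ssl_certificate_key\s+(\S+?);", conf, re.M)
    if len(certs) != len(keys):
        raise ValueError(f"{len(certs)} ssl_certificate vs {len(keys)} ssl_certificate_key")
    return list(zip(certs, keys))


def check_hybrid(conf, key_files):
    """Return the key type per pair and whether both RSA and ECDSA are present."""
    types = [key_type_from_pem(key_files[key]) for _, key in parse_cert_pairs(conf)]
    return {"types": types, "hybrid": {"RSA", "ECDSA"} <= set(types)}


# Constructed sample input (not real keys): the config from this post, an RSA key
# with the traditional label, and a PKCS#8 EC key whose body is only the
# AlgorithmIdentifier for id-ecPublicKey on P-256.
CONF = """ssl_certificate /path/to/rsa.crt;
ssl_certificate_key /path/to/rsa.key;
ssl_certificate /path/to/ecdsa.crt;
ssl_certificate_key /path/to/ecdsa.key;
"""
RSA_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIE\n-----END RSA PRIVATE KEY-----\n"
EC_DER = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")
EC_KEY = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(EC_DER).decode()
          + "\n-----END PRIVATE KEY-----\n")
KEY_FILES = {"/path/to/rsa.key": RSA_KEY, "/path/to/ecdsa.key": EC_KEY}
```

On a real server, replace KEY_FILES with the contents of the files named in your server block; a result of `hybrid: False` means one directive is missing or both keys are the same type.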

Update 6th Jun

At present you need to compile NginX against OpenSSL 1.0.2 in order for OCSP stapling to work properly. You don't need to change your system version, just download the appropriate version and use a config argument when compiling NginX such as --with-openssl=/path/to/openssl-1.0.2h.

This is the cipher suite configuration I'm using to prioritise ECDSA suites over RSA to ensure that they get selected first:

About Scott Helme
Security researcher, entrepreneur and international speaker who specialises in web technologies.