Caniuse: Can I use ECDSA certificates?

Created on 9 Jul 2015 · 11 Comments · Source: Fyrd/caniuse

I know it may be a bit out of place here, but I'd really like to know what browsers I'd be leaving behind if I were to deploy an ECDSA-only HTTPS site.

A cursory glance in SSLLabs [1] indicates I may be leaving some old versions of IE behind. However, their browser repository is neither as complete nor as accessible as caniuse.com.

Support data suggestion

All 11 comments

+1

+1

+1

Here's a test URL using this type of certificate:

https://ecdsa.scotthelme.co.uk/

Also relevant to gauge the efficiency of setting up dual SSL in nginx backed by Let's Encrypt.

+1

+1

Actually, in the two years since I submitted this issue I've learned that if it were up to browsers, everyone would switch to ECDSA yesterday. However, the bottleneck in this scenario is corporate firewalls that MitM (decrypt and re-encrypt) all network traffic. If those devices aren't aware of ECDSA, the connection fails regardless of browser version. This is much harder to measure, unfortunately.

If we include it in this list one could get the false sense of security that an ECDSA-only site can be reached by ~98% of all browsers, but in reality, depending on your target audience, you're only available to e.g. ~70% of your customers.
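Added example, not part of the thread: one way to measure this for your own audience is to log the cipher list each client offers and count how many offer no ECDSA suite. The server sees the list sent by whatever terminates TLS toward it, so an intercepting firewall's list appears in place of the browser's. The `log_format` line, the function names and the sample log lines are assumptions constructed for illustration; `$ssl_ciphers` requires nginx 1.11.7 or later.

```python
import re
from collections import Counter

# Assumed nginx log format (not from the thread):
#   log_format tlscaps '$remote_addr $ssl_protocol "$ssl_ciphers"';
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)"$')

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 TLSv1.3 "TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
203.0.113.11 TLSv1.2 "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:AES128-SHA"
198.51.100.7 TLSv1.2 "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:0x00ff"
198.51.100.8 TLSv1.0 "AES128-SHA:DES-CBC3-SHA"
192.0.2.44 TLSv1.3 "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"
203.0.113.11 TLSv1.2 "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:AES128-SHA"
"""

def classify(ciphers: str) -> str:
    """Classify one offered cipher list by what it says about ECDSA."""
    names = [c for c in ciphers.split(":") if c]
    if any("ECDSA" in n for n in names):
        return "ecdsa"
    if any(n.startswith("TLS_") for n in names):
        # TLS 1.3 suite names do not encode the certificate type, so the
        # cipher list alone cannot decide; report it separately.
        return "undetermined"
    return "no_ecdsa"

def summarize(log_text: str) -> dict:
    """Count unique (address, cipher list) pairs per class."""
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the assumed format
        addr, _proto, ciphers = m.groups()
        seen.add((addr, ciphers))
    counts = Counter(classify(ciphers) for _addr, ciphers in seen)
    total = len(seen)
    share = counts["no_ecdsa"] / total if total else 0.0
    return {"clients": total, "counts": dict(counts), "no_ecdsa_share": share}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run against real logs while the site still serves both certificate types, so the clients that could not complete an ECDSA-only handshake are still recorded.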

This issue has been open for a long time. I also want to add that TLS 1.2 isn't supported. Any update?

+1

In this brave new world of corporate firewalls, middleboxes, and crappy anti-virus software, collecting usage and availability data on network-level stuff is moot for browsers.

In the same vein, you wouldn't ask "Does Firefox 43 support IPv6?" since that largely depends on your ISP. (And also on your host OS, its configuration, and all routers between you and the target server.)
