2015-11-19 15:45 GMT+01:00 Piotr Kubaj <pku...@riseup.net>:
> Now, about RSA vs ECDSA. I simply don't trust ECDSA. There are quite a
> lot of questions about constants used by ECDSA, which seem to be
> chosen quite arbitrarily by its creator, which happens to be NSA.
> These questions of course remain unanswered. Even respected scientists
> like Schneier say that RSA should be used instead (see
> https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html#c1675929

But ECDSA itself does not contain any constants (see https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm). Yes, you have to choose domain parameters, and the most commonly used are the NIST ones. But you can also use Brainpool curves, which specifically avoid using any arbitrary constants (see http://www.ecc-brainpool.org/download/Domain-parameters.pdf), and they are even defined for TLS (https://tools.ietf.org/html/rfc7027) and apparently supported by the latest OpenSSL. Unfortunately not by anything else. OK, anyway, that's your preference, I'm not going to argue about ECDSA or not ;)

> ). When I'm done setting my HTTP(S) services, I'll simply limit
> incoming connections on my firewall so DDOS'ing won't be
> possible, unless you DDOS my firewall :)

I've never said anything about DDoS. In such a setup there is no need for a distributed DoS. The CPU usage of RSA 8192 is so high that a single shell script running on a single attack machine can kill any server. If you are willing to limit your connection rate on a firewall to a few per second, then fine ;)

As for your problem: now that it seems like an SSL problem, can you just try with RSA 4096 or 2048? RSA 8192 is really not much tested in most code, so maybe the problem is in fact related.

--
Janusz Dziemidowicz