SSL/TLS Key Types
Valid for versions 92 through the latest version
Last modified: July 19, 2022
Overview
cPanel & WHM offers users the choice of a preferred key type for SSL/TLS. Currently, you can select from RSA keys or Elliptic Curve Digital Signature Algorithm (ECDSA) keys for your SSL/TLS needs. These are currently the two most widely used and recognized algorithms for SSL/TLS public key signing.
When you select a key type for your certificates, it is important to know which type best serves your site’s security and performance needs.
ECDSA keys versus RSA keys
There are several notable differences between ECDSA and RSA keys:
ECDSA
In general, ECDSA keys are:
- Smaller than RSA keys of equivalent strength.
- Newer and not currently as widely adopted as RSA keys.
- Faster than RSA for SSL/TLS signing and handshakes. This helps websites load faster.
- Able to support LiteSpeed Web Server (LSWS) users that require support for Microsoft® Internet Explorer 11 (IE11) and Windows® 8.1.
- Endorsed by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
RSA
In general, RSA keys are:
- Well established and widely recognized as the industry standard.
- Required by Certificate Authorities (CA) to be at least 2,048 bits in size.
- Capable of supporting many older systems and client software.
- Not able to support PCI-compliant TLS for IE11 for LiteSpeed Web Servers.
Key length differences
ECDSA keys have a shorter bit length than RSA keys, but can provide the same security levels as RSA keys. For example, a 224-bit ECDSA key provides comparable security to a 2,048-bit RSA key.
The following table compares both key types’ key length and strength, in bits:
RSA key length | ECDSA key length |
---|---|
1024 | 160 |
2048 | 224 |
3072 | 256 |
7680 | 384 |
15360 | 512 |
As illustrated above, ECDSA key lengths grow much more slowly than RSA key lengths as the security level increases. This can help users with greater security needs secure their servers effectively with smaller keys.
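The size difference in the table's 3072 | 256 row can be measured with the OpenSSL command-line tool. This is an added example, not part of the cPanel documentation; it assumes `openssl` is installed, and the function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example: measure RSA vs ECDSA public key and signature sizes.
set -eu
umask 077   # key files created below are readable by the owner only

# gen_key TYPE PARAM FILE: write a new private key to FILE.
gen_key() {
    case "$1" in
        rsa) openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$2" \
                 -out "$3" 2>/dev/null ;;
        ec)  openssl genpkey -algorithm EC -pkeyopt "ec_paramgen_curve:$2" \
                 -pkeyopt ec_param_enc:named_curve -out "$3" 2>/dev/null ;;
        *)   echo "unknown key type: $1" >&2; return 1 ;;
    esac
}

# pubkey_bytes FILE: size of the DER-encoded public key in bytes.
pubkey_bytes() {
    openssl pkey -in "$1" -pubout -outform DER | wc -c | tr -d ' '
}

# sig_bytes FILE: size of a SHA-256 signature over a constructed message.
sig_bytes() {
    printf 'constructed sample message' |
        openssl dgst -sha256 -sign "$1" | wc -c | tr -d ' '
}

# compare_row RSA_BITS CURVE: print sizes for one row of the table.
compare_row() {
    dir=$(mktemp -d)
    gen_key rsa "$1" "$dir/rsa.key"
    gen_key ec "$2" "$dir/ec.key"
    printf '%-16s %12s %12s\n' 'key' 'pubkey bytes' 'sig bytes'
    printf '%-16s %12s %12s\n' "RSA $1" \
        "$(pubkey_bytes "$dir/rsa.key")" "$(sig_bytes "$dir/rsa.key")"
    printf '%-16s %12s %12s\n' "ECDSA $2" \
        "$(pubkey_bytes "$dir/ec.key")" "$(sig_bytes "$dir/ec.key")"
    rm -rf "$dir"
}

# The "3072 | 256" row: prime256v1 is OpenSSL's name for the 256-bit NIST curve.
compare_row 3072 prime256v1
```

The ECDSA signature is DER-encoded, so its length can vary by a few bytes between runs, while the RSA signature is always as long as the modulus.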
Changing your default key type
You can modify your preferred key type in the following interfaces:
In WHM
- The SSL/TLS Configuration interface (WHM » Home » SSL/TLS » SSL/TLS Configuration).
- The Security section of the Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings).
In cPanel
- The SSL/TLS interface (cPanel » Home » Security » SSL/TLS).