Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
542 views
in Technique[技术] by (71.8m points)

https - Are there any disadvantages to using a 4096-bit encrypted SSL certificate?

I was recently requesting a SSL cert via GoDaddy and noticed this message:

Make sure the CSR you generate uses a 2048-bit or greater key length

In the past I have always generated 2048-bit CSR requests, but this time it got me thinking that perhaps I should "step it up," and it seems like the next step would be a 4096-bit version.

There isn't much info available on 4096-bit SSL certs - but apparently many people have been using 1024-bit certificates until they absolutely had to upgrade and now some browsers won't support the 1024-bit certificates anymore.

How is browser support for 4096-bit certificates? If GoDaddy requires "at least" a 2048-bit certificate, is that enough, or should I try and do something more? If so, what are the advantages and disadvantages?

PS: the two links in GoDaddy's message are CSR Help and Learn more, neither of which I found very helpful.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Pretty much all* browsers will support 4096-bit keys. The issue you'll run into is that key exchange is slower with larger keys, which will increase load on the server and slow down page loading on the client.

2048-bit keys are generally considered safe for the time being. If you want an intermediate step, though, 3072-bit keys are right smack-dab in the middle.

*: Only exception might be a couple of weird, old mobile / embedded browsers.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...