AnsweredAssumed Answered

SSLLabs and sites with hybrid ECC-RSA certificates

Question asked by สุรศักดิ์ ซีไอเอส²พี on Oct 9, 2016
Latest reply on Oct 14, 2016 by สุรศักดิ์ ซีไอเอส²พี

Sites using ECC certificate with only ECDSA cipher suites enabled, e.g., https://boxed-wine.xyz/, usually have certificate details reported correctly under the Authentication section. However, sites with both ECC and RSA certificates with both ECDSA and RSA cipher suites enabled, e.g., https://blog.cloudflare.com/, usually have only RSA certificates and chains reported. Sometimes even when the key of the certificate is correctly reported as EC, the signature algorithm is still being reported as RSA and not ECDSA although it's actually ECDSA. Shouldn't both ECC and RSA certificates and chains be reported for such sites?

Outcomes