[openssl-users] Generating CSR based on an x25519 public key

Jakob Bohm jb-openssl at wisemo.com
Mon Oct 23 22:24:54 UTC 2017

On 21/10/2017 15:38, Codarren Velvindron wrote:
> https://tls13.crypto.mozilla.org is using : The connection to this 
> site is encrypted and authenticated using a strong protocol (TLS 1.3), 
> a strong key exchange (X25519), and a strong cipher (AES_128_GCM).
> Using openssl standard tools is it possible to generate a CSR through 
> Ed25519 ?

If you look further into this test page, at least with my
browser, it uses x25519 with a regular RSA certificate from
Let's encrypt.  I don't know if they use a different
certificate with other browsers based on checking some TLS
extensions etc.

The x25519 public key has no certificate, it is randomly
generated for each connection and signed with the RSA key
from the certificate.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list