Based on your IP (Internet Protocol) address, you are a visitor of my website.
Based on your browser's HTTP Accept-Language header, you are an American visitor.
Based on your browser's HTTP User-Agent header, you are using an unknown browser.
Your browser's protocol and cipher suite in use are, respectively, TLSv1.2 and ECDHE-ECDSA-AES256-GCM-SHA384, where:
I switched to an ECC certificate because:
- I read on the Internet that ECC (Elliptic Curve Cryptography) is faster than RSA.
- It provides AES-128-GCM encryption with Visual Basic .NET's SslStream class, but with RSA, SslStream does not support AES-128-GCM encryption: instead, I saw it provided the old AES-256-CBC encryption, which my Google Chrome browser marks "obsolete".
- Its keys are shorter: fewer bits to process means less CPU usage and improved performance.
Some websites use 4096-bit RSA certificates, but keep in mind that by increasing key sizes, you are slowing down the entire TLS handshake!
If you want both performance and security (most modern browsers support ECC), consider choosing an ECC 256-bit key for your TLS certificate.
But if you want both compatibility and security (but not performance, sorry), consider choosing an RSA 2048-bit key for your TLS certificate.
DH key exchanges use keys that are usually 2048 bits long, like RSA keys, except that DH does not provide asymmetric encryption, only key exchange.
ECDH key exchanges instead use much shorter keys: just 256 bits of key size are enough for security, because the keys are based on an elliptic curve instead of on integer factorization, as RSA is.
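The cipher suite name reported above packs the key exchange, the certificate type, the bulk cipher with its mode, and a hash into one string. The following is an added example, not code from the original page: it parses OpenSSL-style TLS 1.2 suite names and flags CBC modes and key exchanges without forward secrecy. The function names `parse_suite` and `findings` are hypothetical, and every sample name other than the page's own suite is constructed.

```python
# Added example (not from the original page): parse OpenSSL-style TLS 1.2
# cipher suite names. Scope: AES and ChaCha20 suites with RSA/ECDSA/DSS certs.
EPHEMERAL_KX = ("ECDHE", "DHE")          # ephemeral key exchange: forward secrecy
AUTH_ALGS = ("ECDSA", "RSA", "DSS")      # certificate key type
AEAD_MODES = ("GCM", "CCM", "POLY1305")  # authenticated-encryption modes


def parse_suite(name):
    """Split a name such as ECDHE-ECDSA-AES256-GCM-SHA384 into its fields."""
    parts = name.split("-")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not an OpenSSL-style suite name: {name!r}")
    # Both prefixes are optional: a name with neither (AES256-SHA) means
    # RSA key transport authenticated by an RSA certificate.
    kx = parts.pop(0) if parts[0] in EPHEMERAL_KX else "RSA"
    auth = parts.pop(0) if parts and parts[0] in AUTH_ALGS else "RSA"
    if not parts:
        raise ValueError(f"no cipher field in suite name: {name!r}")
    # Trailing SHA*/MD5 field: the HMAC for CBC suites, the PRF hash for AEAD.
    has_digest = len(parts) > 1 and parts[-1].startswith(("SHA", "MD5"))
    digest = parts.pop() if has_digest else None
    mode = parts[1] if len(parts) > 1 else "CBC"  # no mode field means CBC
    aead = mode in AEAD_MODES
    return {
        "key_exchange": kx, "authentication": auth,
        "cipher": parts[0], "mode": mode, "aead": aead,
        "digest": digest,
        "digest_role": None if digest is None else ("PRF" if aead else "HMAC"),
        "forward_secrecy": kx in EPHEMERAL_KX,
    }


def findings(name):
    """Return the properties of a suite that a TLS config review would flag."""
    suite = parse_suite(name)
    flagged = []
    if not suite["aead"]:
        flagged.append(f"non-AEAD mode {suite['mode']}")
    if not suite["forward_secrecy"]:
        flagged.append("no forward secrecy (static RSA key exchange)")
    return flagged


if __name__ == "__main__":
    # Constructed sample names; the first is the suite reported on this page.
    for n in ("ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-CHACHA20-POLY1305",
              "DHE-RSA-AES128-SHA256", "AES256-SHA"):
        print(n, parse_suite(n), findings(n) or "nothing flagged")
```

In a GCM suite the trailing SHA384 names the handshake PRF hash rather than a record MAC, which is why the parser reports its role separately from the CBC case.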