If you've configured a web server with an RSA certificate signed by an ECDSA Certificate Authority, then you may get errors from your browsers like:
- ERR_SSL_PROTOCOL_ERROR (Chrome)
- SSL_ERROR_HANDSHAKE_FAILURE_ALERT (Firefox)
If this web server works perfectly fine with an RSA certificate signed by an RSA-based PKI, then your web server is likely configured with TLS ciphers that are invalid for these ECDSA-signed certificates. Section 5.3 of RFC 4492 sets requirements, for each ECDH/ECDHE key exchange algorithm, on the public key in the server certificate and on the algorithm the CA used to sign it:
    Key Exchange Algorithm     Server Certificate Type
    ----------------------     -----------------------

    ECDH_ECDSA                 Certificate MUST contain an
                               ECDH-capable public key.  It
                               MUST be signed with ECDSA.

    ECDHE_ECDSA                Certificate MUST contain an
                               ECDSA-capable public key.  It
                               MUST be signed with ECDSA.

    ECDH_RSA                   Certificate MUST contain an
                               ECDH-capable public key.  It
                               MUST be signed with RSA.

    ECDHE_RSA                  Certificate MUST contain an
                               RSA public key authorized for
                               use in digital signatures.  It
                               MUST be signed with RSA.
So ciphers like these would be invalid:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
You'll need to reconfigure your web server to use alternative valid ciphers, such as:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_256_GCM_SHA384
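The table and the two cipher lists above can be turned into a pre-deployment check. This is an added example, not code from the original post: the function names are hypothetical, the certificate text is a constructed excerpt of `openssl x509 -noout -text` output, and the rule for plain `TLS_RSA_*` suites (RSA key only) is an assumption, since RFC 4492 does not cover them.

```python
import re

# RFC 4492 section 5.3 as quoted above: key exchange -> (key type, CA signature type).
# Simplification: "ECDH-capable" and "ECDSA-capable" keys are both treated as "EC".
RULES = {
    "ECDH_ECDSA": ("EC", "ECDSA"),
    "ECDHE_ECDSA": ("EC", "ECDSA"),
    "ECDH_RSA": ("EC", "RSA"),
    "ECDHE_RSA": ("RSA", "RSA"),
    "RSA": ("RSA", None),  # assumption: not in the RFC 4492 table, needs an RSA key only
}

# Constructed excerpt of `openssl x509 -noout -text` for an RSA key signed by an ECDSA CA.
SAMPLE_CERT_TEXT = """\
        Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
"""

def cert_profile(openssl_text):
    """Return (key_type, sig_type) parsed from openssl's text dump of a certificate."""
    sig = re.search(r"Signature Algorithm:\s*(\S+)", openssl_text)
    key = re.search(r"Public Key Algorithm:\s*(\S+)", openssl_text)
    if not sig or not key:
        raise ValueError("input does not look like `openssl x509 -text` output")
    sig_name, key_name = sig.group(1).lower(), key.group(1)
    sig_type = "ECDSA" if sig_name.startswith("ecdsa") else "RSA" if "rsa" in sig_name else sig_name
    key_type = {"rsaEncryption": "RSA", "id-ecPublicKey": "EC"}.get(key_name, key_name)
    return key_type, sig_type

def check_suite(suite, key_type, sig_type):
    """Return (True|False|None, reason); None means the suite is outside this check."""
    m = re.fullmatch(r"TLS_(.+?)_WITH_.+", suite)
    if not m or m.group(1) not in RULES:
        return None, "key exchange not covered by this check"
    need_key, need_sig = RULES[m.group(1)]
    if key_type != need_key:
        return False, f"needs {need_key} key, certificate has {key_type}"
    if need_sig and sig_type != need_sig:
        return False, f"needs {need_sig}-signed certificate, CA signed with {sig_type}"
    return True, "ok"

def usable_suites(suites, openssl_text):
    """Keep only the suites the certificate satisfies under the rules above."""
    key_type, sig_type = cert_profile(openssl_text)
    return [s for s in suites if check_suite(s, key_type, sig_type)[0]]

if __name__ == "__main__":
    for s in ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"):
        print(s, check_suite(s, *cert_profile(SAMPLE_CERT_TEXT)))
```
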
If you're uncertain about which TLS ciphers to use, OWASP provides a good reference. You'll need to evaluate your requirements against the user base that will be connecting to your services, as Internet-facing services can have vastly different requirements from large enterprise networks with legacy systems in use.