
ECC vs RSA Certificates: Which Should You Choose?

ECC (Elliptic Curve Cryptography) and RSA are two algorithms used to generate SSL certificate key pairs. Both are secure, but ECC produces smaller keys with equivalent security and faster TLS handshakes. Most modern deployments should use ECC.

Quick comparison

| | ECC (P-256) | RSA 2048 | RSA 4096 |
|---|---|---|---|
| Key size | 256 bits | 2048 bits | 4096 bits |
| Equivalent security | ~128-bit | ~112-bit | ~128-bit |
| TLS handshake speed | Fastest | Medium | Slowest |
| Certificate size | ~500 bytes | ~1,200 bytes | ~2,400 bytes |
| Key generation | Fast | Medium | Slow |
| Browser support | All modern browsers | Universal | Universal |
| Let’s Encrypt default | ✅ Recommended | Supported | Supported |
| GetHTTPS default | ✅ P-256 | Available | Not offered |

Why ECC is better for most use cases

Smaller keys, same security

A 256-bit ECC key provides security equivalent to a 3072-bit RSA key. Smaller keys mean:

  • Smaller certificates → less data transferred during TLS handshake
  • Faster signature verification → reduced CPU load
  • Lower bandwidth → matters for high-traffic sites and mobile connections

Faster handshakes

ECDSA signature operations are significantly faster than RSA, especially on the server side. For high-traffic sites, this reduces CPU usage and time-to-first-byte.

Forward secrecy

Modern TLS uses ECDHE (Ephemeral Elliptic Curve Diffie-Hellman) for key exchange regardless of your certificate type. But ECC certificates pair naturally with ECDHE — the entire handshake uses elliptic curve math, which is more efficient than mixing RSA and ECDHE.

When RSA still makes sense

Legacy device compatibility

Some older devices, embedded systems, and IoT hardware don’t support ECC. If you need to support:

  • Windows XP SP2 or earlier
  • Very old Android versions (< 4.0)
  • Certain embedded systems or hardware load balancers

…then RSA 2048 is the safer choice.

Organizational requirements

Some compliance frameworks or internal policies may specify RSA. This is increasingly rare, but check your requirements.

Real-world adoption

The industry is migrating from RSA to ECC:

| Organization | Key type | Notes |
|---|---|---|
| Google | ECDSA P-256 | All Google properties |
| Cloudflare | ECDSA P-256 | Default for all free plan certificates |
| Facebook / Meta | ECDSA P-256 | Production web servers |
| Let’s Encrypt | Recommends ECDSA | Issues both, recommends ECC |
| ZeroSSL | ECDSA growing | ECC issuance up 51.1% (fastest growth of any CA) |

How to check what your site uses

echo | openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2>/dev/null \
  | openssl x509 -noout -text | grep "Public Key Algorithm"
# ECDSA: "id-ecPublicKey"
# RSA: "rsaEncryption"

Or check in your browser: padlock → Certificate → Details → Subject Public Key Info.

What GetHTTPS uses

GetHTTPS generates ECDSA P-256 keys by default for certificates, and P-256 for ACME account keys. You can select RSA 2048 for the certificate key if needed.

P-256 (also called prime256v1 or secp256r1) is:

  • Supported by all modern browsers and servers
  • Recommended by Let’s Encrypt
  • Used by most high-traffic websites (Google, Cloudflare, etc.)
  • Supported in the Web Crypto API (which GetHTTPS uses for key generation)
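
To see the size difference between the two key types with the same Web Crypto API mentioned above, the following added example (not GetHTTPS code; the function names are hypothetical) generates an ECDSA P-256 and an RSA 2048 key pair, exports each public key in the SubjectPublicKeyInfo form that a certificate embeds, and signs a constructed message with each.

```javascript
// Added illustration, not GetHTTPS source code; function names are hypothetical.
// Uses only the standard Web Crypto API (browsers and Node.js).

async function getSubtle() {
  // Browsers and recent Node.js expose crypto globally; older Node.js needs the module.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

// Generate a key pair, export the public key as DER SubjectPublicKeyInfo,
// sign a constructed message and verify the signature.
async function measureKeyType(label, genParams, signParams) {
  const subtle = await getSubtle();
  // extractable=false applies to the private key only; public keys can always
  // be exported. This example never needs the private key bytes.
  const pair = await subtle.generateKey(genParams, false, ['sign', 'verify']);
  const spki = await subtle.exportKey('spki', pair.publicKey);
  const msg = new TextEncoder().encode('constructed sample message');
  const sig = await subtle.sign(signParams, pair.privateKey, msg);
  const verified = await subtle.verify(signParams, pair.publicKey, sig, msg);
  return { label, spkiBytes: spki.byteLength, signatureBytes: sig.byteLength, verified };
}

async function compareKeyTypes() {
  const ecdsa = await measureKeyType('ECDSA P-256',
    { name: 'ECDSA', namedCurve: 'P-256' },
    { name: 'ECDSA', hash: 'SHA-256' });
  const rsa = await measureKeyType('RSA 2048',
    { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' }, // e = 65537
    { name: 'RSASSA-PKCS1-v1_5' });
  return { ecdsa, rsa };
}

// Web Crypto returns ECDSA signatures as raw r||s (64 bytes for P-256);
// certificates and TLS carry them DER-encoded, which adds a few bytes.
compareKeyTypes().then(({ ecdsa, rsa }) => {
  for (const r of [ecdsa, rsa]) {
    console.log(`${r.label}: public key ${r.spkiBytes} B, ` +
                `signature ${r.signatureBytes} B, verified=${r.verified}`);
  }
});
```
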

Post-quantum considerations

Neither ECC nor RSA is quantum-safe. A sufficiently powerful quantum computer could break both using Shor’s algorithm. The industry is preparing by developing post-quantum key exchange (ML-KEM, formerly Kyber) for TLS, which will be used alongside existing algorithms in a hybrid mode.

This doesn’t affect your certificate choice today — the migration to post-quantum will happen at the protocol level (TLS), not the certificate level. Use ECC now and let the TLS stack handle the transition.

Frequently asked questions

Can I switch from RSA to ECC (or vice versa)?

Yes. Generate a new certificate with the desired key type and replace the files on your server. The server doesn’t care which algorithm previous certificates used.

Does my web server need special configuration for ECC?

No. Nginx and Apache handle ECC certificates the same way as RSA — same directives, same file format (PEM). The server auto-detects the key type.

Is P-384 better than P-256?

P-384 offers ~192-bit security vs P-256’s ~128-bit. In practice, 128-bit security is far beyond what’s breakable today (or in the foreseeable future). P-256 is faster and more widely optimized. Unless you have a specific compliance requirement for P-384, use P-256.
