Networking & Content Delivery

CloudFront now Supports ECDSA Certificates for HTTPS Connections to Origins

The adoption of Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocols to encrypt Internet traffic has increased in response to cybercrime, compliance requirements (PCI v3.2), and a commitment to secure customer data. A survey of the top 135,000 websites revealed that more than 55 percent were secured by SSL.1. Amazon CloudFront offers customers several capabilities to help protect and secure content that you can read about in our whitepaper here. This blog introduces CloudFront’s support for ECDSA certificates for HTTPS connections to origin servers.

The SSL/TLS Handshake Process

Let’s start with a quick overview of the SSL/TLS handshake process that CloudFront uses to establish secure connections to help protect data that is served between CloudFront and origin servers. We use the HTTPS protocol, together with a set of cryptographic algorithms (a cipher suite) that you choose, to establish secure communication channels between the origin and CloudFront.

When CloudFront initiates a secure connection with an origin server, the authentication between the two is accomplished using asymmetric cryptography. The SSL/TLS handshake process starts with CloudFront sending your origin server a “Hello” message. In response, your origin servers send a digital certificate created using a private key & signed by a trusted Certificate Authority (CA) and its corresponding public key. When CloudFront receives the certificate, it uses the provided public key to verify the digital signature and to establish a secure encrypted connection.

ECDSA vs RSA

The encryption strength of a connection depends on the key size and the complexity of the chosen algorithm. Traditionally customers’ origin servers have used RSA 2048-bit asymmetric keys for TLS termination. RSA algorithms use the product of two large prime numbers, with another number added to it to create a public key. The private key is a related number. The strength of RSA relies on the presumed difficulty of breaking a key that requires factoring the product of two large prime numbers. However, advancements in compute technologies have reduced the efficacy of RSA algorithms making it easier to break the encryption. If you want to maintain encryption strength while continuing to use RSA, one option would be to increase the size of your RSA keys. This approach isn’t easily scalable because using larger keys increases the compute cost for cryptography.

Alternatively, you could choose ECDSA, which changes the underlying mathematical problem on which the security is based. ECDSA is built on the principle that it is difficult to solve for the discrete logarithm of a random elliptic curve when its base is known, also known as the Elliptic Curve Discrete Logarithm Problem (ECDLP). This allows for the use of shorter key lengths to achieve the equivalent security of RSA at much longer key sizes. The following table provides NIST’s estimates of the maximum security strength of asymmetric cryptographic algorithms for a given key size:

In addition to the security benefit, the smaller keys enable faster algorithms that will increase the number of TLS handshakes per second that the origin can process. This increase in throughput by using ECDSA will reduce the compute cycles needed for cryptography freeing up your resources to process other workloads. To measure the throughput benefit, we ran an OpenSSL speed test in our environment to compare 2048-bit RSA and 256-bit ECDSA (nistp256), and the following were the results:

Based on the results and the NIST security strength estimates (shown in the two tables above), the nistp256 option was 95% faster in our tests than 2048-bit RSA while providing the same security strength as 3072-bit RSA.

CloudFront support for ECDSA at the Origin

To help optimize both encryption strength and performance, CloudFront supports “256 bit ecdsa (nistp256)” and “384 bit ecdsa (nistp384)” elliptical curves. The following is a complete list of cipher suites that CloudFront supports for ECDSA:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-AES256-SHA
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-ECDSA-AES128-SHA

To use ECDSA at origin, you can choose any one of the available curves to generate the private key. Next, you will have to generate an ECDSA Digital Certificate and set your origin up to prefer it. You do not have to make any changes to settings in the CloudFront console or APIs to use this feature. There is no additional fee to use this feature either.

Switching to ECDSA for Your Origin Servers

CloudFront will continue to support RSA for TLS connections. However, if you have concerns with the strength and/or throughput of your current encryption for TLS handshake with your origin servers, then ECDSA could be a great option to explore. If you’re using an AWS Application Load Balancer as your load balancer, you can also associate an ECDSA certificate with your load balancer. In addition to the security and performance benefit from using ECDSA, you’ll also experience a reduction in the computational cost of cryptography—an added bonus!

To learn more about the ciphers and protocols you can use with CloudFront, please refer to our Developer Guide.