TL;DR
Yes, a device can be TLS compliant without using RSA. While historically dominant, RSA is just one algorithm supported by the TLS protocol. Modern TLS implementations commonly use Elliptic Curve Cryptography (ECC) algorithms like ECDSA and EdDSA, or symmetric key exchange methods, offering better performance and security in many cases.
Understanding TLS & RSA
TLS (Transport Layer Security) is a protocol that provides secure communication over a network. It relies on cryptography to encrypt data and verify the identity of communicating parties. RSA (Rivest–Shamir–Adleman) is an asymmetric encryption algorithm often used in TLS for key exchange, digital signatures, and encryption/decryption.
Why Move Beyond RSA?
- Performance: ECC generally offers faster computation speeds than RSA for the same level of security.
- Key Size: ECC requires smaller key sizes to achieve equivalent security levels, reducing bandwidth and storage requirements.
- Security Concerns: While still considered secure when implemented correctly, RSA is vulnerable to certain attacks if weak parameters are used or side-channel vulnerabilities exist.
Alternatives to RSA in TLS
- Elliptic Curve Cryptography (ECC): This is the most common alternative.
  - ECDSA (Elliptic Curve Digital Signature Algorithm): Used for digital signatures, verifying server identity.
  - ECDHE (Elliptic-Curve Diffie–Hellman Ephemeral): Used for key exchange, providing perfect forward secrecy.
  - EdDSA (Edwards-curve Digital Signature Algorithm): A more modern signature scheme known for its simplicity and security.
- Symmetric Key Exchange: Algorithms like Diffie–Hellman (DH) can be used, but require pre-shared secrets or a trusted third party to establish the initial key. This is less common in typical TLS setups.
How to Configure TLS without RSA
The specific configuration steps depend on your server software (e.g., Apache, Nginx, OpenSSL). Here are general guidelines:
1. Generate ECC Keys
Use OpenSSL to generate an ECDSA key pair. For example, to create a key using the secp384r1 curve:
openssl ecparam -name secp384r1 -genkey -noout -out secp384r1_private.pem
2. Create a Certificate Signing Request (CSR)
Generate a CSR using the private key:
openssl req -new -key secp384r1_private.pem -out csr.pem
3. Obtain an SSL/TLS Certificate
Submit the CSR to a Certificate Authority (CA). Many CAs now support issuing certificates for ECC keys.
4. Configure Your Server
Configure your web server to use the new certificate and private key. The configuration will vary depending on the server software. Here’s an example snippet for Nginx:
server {
    listen 443 ssl;
    ssl_certificate /path/to/your/certificate.pem;
    ssl_certificate_key /path/to/your/secp384r1_private.pem;
    ...
}
5. Enable ECDHE Cipher Suites
Ensure your server is configured to use ECDHE cipher suites, which provide perfect forward secrecy. In Nginx, this involves setting the ssl_ciphers directive appropriately. For example:
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA';
Note: The example above still involves RSA. ECDHE-RSA suites use ECDHE for the key exchange but authenticate the server with an RSA certificate. For a completely RSA-free setup, restrict the list to ECDHE-ECDSA suites, which authenticate with the ECDSA key generated in step 1 and the certificate issued for it. Consult your server documentation for specific options.
6. Test Your Configuration
Use an online SSL checker (e.g., SSL Labs Server Test) to verify that your server is configured correctly and supports TLS without RSA. Pay attention to the supported cipher suites and key exchange methods.
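To audit a cipher string like the one in step 5 before deploying it, here is an added Python example (not from the original page): it classifies each OpenSSL suite name by its key-exchange and authentication prefix, reports which suites involve RSA, and rewrites the page's ECDHE-RSA list to its ECDHE-ECDSA equivalent. The PREFIXES table and function names are my own; the optional cross-check function depends on the local OpenSSL build.

```python
import ssl
from typing import Dict, List, Tuple

# The step 5 cipher string from the page, copied verbatim for the audit.
PAGE_CIPHERS = ("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
                "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:"
                "ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA")

# OpenSSL TLS 1.2 suite names begin with a key-exchange/authentication prefix
# (assumed table); a name with no prefix, e.g. AES256-GCM-SHA384, is static RSA.
PREFIXES: Dict[str, Tuple[str, str]] = {
    "ECDHE-ECDSA": ("ECDHE", "ECDSA"),
    "ECDHE-RSA": ("ECDHE", "RSA"),
    "DHE-RSA": ("DHE", "RSA"),
    "DHE-DSS": ("DHE", "DSS"),
    "ECDHE-PSK": ("ECDHE", "PSK"),
    "DHE-PSK": ("DHE", "PSK"),
    "PSK": ("PSK", "PSK"),
}

def classify(name: str) -> Tuple[str, str]:
    """Return (key_exchange, authentication) for an OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):  # TLS 1.3 suites do not fix the certificate type
        return ("ECDHE/DHE", "any")
    for prefix, kx_auth in PREFIXES.items():
        if name.startswith(prefix + "-"):
            return kx_auth
    return ("RSA", "RSA")  # no prefix: static RSA key exchange, no forward secrecy

def audit(cipher_string: str) -> Dict[str, List[str]]:
    """Split the suites into those that touch RSA and those that do not."""
    report: Dict[str, List[str]] = {"rsa": [], "rsa_free": []}
    for suite in cipher_string.split(":"):
        kx, auth = classify(suite)
        report["rsa" if "RSA" in (kx, auth) else "rsa_free"].append(suite)
    return report

def ecdsa_equivalent(cipher_string: str) -> str:
    """Rewrite ECDHE-RSA suites to ECDHE-ECDSA and drop static-RSA suites."""
    kept = []
    for suite in cipher_string.split(":"):
        kx, auth = classify(suite)
        if kx == "ECDHE" and auth == "RSA":
            kept.append(suite.replace("ECDHE-RSA-", "ECDHE-ECDSA-", 1))
        elif "RSA" not in (kx, auth):
            kept.append(suite)
    return ":".join(kept)

def openssl_auth_fields(cipher_string: str) -> Dict[str, str]:
    """Cross-check against the local OpenSSL: suite name -> its reported 'auth' field."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["auth"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}
```

Running audit(PAGE_CIPHERS) shows every suite in the page's list in the "rsa" bucket, and ecdsa_equivalent(PAGE_CIPHERS) yields the ECDHE-ECDSA list that matches the ECDSA certificate from step 3.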