Overview Users Self-signed Admins Cross-signed OpenSSL Home
With OpenSSL 1.1, Security Levels were introduced (explained; on page 4). If you want to achive a certain bit strength, for example, not the usual 112 or 128 but at least 192 bit for Top Secret classification, Level 4 is required.
Q.:  How do I achive 256 bit ?
A.:  With well-known certificate authorities, 256 bit (Level 5) is not possible. For Level 4:
  1. create a ECC private key; with RSA, 112 bit (Level 2) is the maximum
  2. choose not P-256 but P-384
  3. hash not with SHA-256 but SHA-384
  4. go for a certificate authority which offers not only an ECC root but also all intermediates with P-384/SHA-384. As of today, this rules out Let’s Encrypt and Sectigo. With DigiCert and GlobalSign, you cannot use their DV offerings. DigiCert OV is available to private individuals (tested); GlobalSign OV claims not to be (not tested). After you got your DigiCert certificate, you have to ask their support to re-issue the certificate under their ECC root.
  5. on your TLS server, offer (at least): If your server software is not totally broken, this works out of the box since OpenSSL 1.0.2; after a change of the Named Group even with OpenSSL 1.0.1.
  6. on your TLS client, since OpenSSL 1.1.1a, set Ciphers to DEFAULT@SECLEVEL=4
  7. if you use a Voice over Internet (VoIP) client, based on SIP, disable all Crypto Suites with 128 (and for compatibility reasons those with 192) in their name.
@