https://github.com/centminmod/centminmod-ed25519-ssl-certs


```
./ed25519-certs.sh
Usage: ./ed25519-certs.sh -d domain.com,www.domain.com,sub.domain.com [-e expiry_years] [-p /path/to/save]
```
```
./ed25519-certs.sh -d domain.com,www.domain.com -e 10 -p /usr/local/nginx/conf/ssl
Certificate request self-signature ok
subject=CN = domain.com
Self-signed certificate and private key have been generated and saved to /usr/local/nginx/conf/ssl/ed25519-domain.com/:

Private Key: /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.key
Certificate: /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.crt
CSR: /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.csr

To use these in your Nginx configuration, add the following lines:

ssl_certificate /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.key;

Here are the details of the generated certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:f3:0b:4a:80:74:e2:87:69:ff:3f:cd:a4:8a:9b:16:f9:ec:a3:4d
Signature Algorithm: ED25519
Issuer: CN = domain.com
Validity
Not Before: Sep 6 04:03:50 2024 GMT
Not After : Sep 4 04:03:50 2034 GMT
Subject: CN = domain.com
Subject Public Key Info:
Public Key Algorithm: ED25519
ED25519 Public-Key:
pub:
73:65:0b:88:30:43:cd:7c:45:74:29:ca:cf:7e:71:
c0:d5:b4:77:70:e6:27:b2:e2:87:fa:56:50:d0:09:
27:03
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:domain.com, DNS:www.domain.com
X509v3 Subject Key Identifier:
80:9A:85:AD:72:88:A9:85:1A:18:00:0F:60:0C:4B:7C:BE:E7:74:5D
Signature Algorithm: ED25519
Signature Value:
cd:bb:cc:7c:69:2a:74:be:c9:fd:17:7a:7e:da:58:e3:3e:47:
1a:47:0a:e8:d9:c6:27:52:4e:a9:87:03:3a:8c:b2:4f:47:45:
11:f1:52:22:fe:84:3b:f4:88:1c:66:2f:82:cf:b9:b4:d8:7b:
14:1c:5e:e6:ed:59:69:c0:c2:0c
```
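The README does not show what `ed25519-certs.sh` runs internally. As an added example (not the project's script), these plain `openssl` commands produce a self-signed Ed25519 certificate with the same CN/SAN shape and then confirm that certificate and key belong together; the function names and argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's ed25519-certs.sh.
set -eu

# make_ed25519_cert <comma-separated-domains> <years> <outdir>
# (hypothetical helper; arguments loosely mirror the script's -d / -e / -p)
make_ed25519_cert() {
  domains=$1; years=$2; outdir=$3
  cn=${domains%%,*}                                   # first name becomes the CN
  san=$(printf '%s' "$domains" | sed 's/[^,][^,]*/DNS:&/g')
  mkdir -p "$outdir"
  # Create the private key with owner-only permissions from the start.
  ( umask 077 && openssl genpkey -algorithm ED25519 -out "$outdir/$cn.key" )
  openssl req -new -key "$outdir/$cn.key" -subj "/CN=$cn" -out "$outdir/$cn.csr"
  printf 'subjectAltName=%s\nsubjectKeyIdentifier=hash\n' "$san" > "$outdir/$cn.ext"
  # No digest option is passed: Ed25519 does not take a separate hash choice.
  # 365 days per year gives 3650 days for 10 years, matching the validity above.
  openssl x509 -req -in "$outdir/$cn.csr" -signkey "$outdir/$cn.key" \
    -days $((years * 365)) -extfile "$outdir/$cn.ext" -out "$outdir/$cn.crt"
  rm -f "$outdir/$cn.ext"
}

# cert_matches_key <crt> <key>: succeeds only when the certificate is
# Ed25519-signed and carries the public half of <key>.
cert_matches_key() {
  openssl x509 -in "$1" -noout -text | grep -qi 'Signature Algorithm: ED25519' || return 1
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# cert_sans <crt>: print the DNS names from the subjectAltName extension.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName | sed -n 's/^ *\(DNS:.*\)$/\1/p'
}

# Constructed demo run in a temporary directory.
dir=$(mktemp -d)
make_ed25519_cert domain.com,www.domain.com 10 "$dir"
cert_matches_key "$dir/domain.com.crt" "$dir/domain.com.key" \
  && echo "pair OK: $(cert_sans "$dir/domain.com.crt")"
rm -rf "$dir"
```

Running `cert_matches_key` before pointing Nginx at the new files catches a certificate and key that do not belong together, which would otherwise only surface when Nginx is restarted.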

Create the Centmin Mod Nginx vhost for domain.com using the `nv` command-line method described at https://centminmod.com/nginx_domain_dns_setup.html:

```
nv -d domain.com -s y -u YOURFTP_USERNAME
```

`nv` command output excerpt

```
domain: http://domain.com
vhost conf file for domain.com created: /usr/local/nginx/conf/conf.d/domain.com.conf

vhost ssl for domain.com created successfully

domain: https://domain.com
vhost ssl conf file for domain.com created: /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/domain.com/domain.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/domain.com/domain.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/domain.com/domain.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/domain.com/domain.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/domain.com/domain.com-backup.csr

upload files to /home/nginx/domains/domain.com/public
vhost log files directory is /home/nginx/domains/domain.com/log

-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/


Sep 5 02:55 1.1K demodomain.com.conf
Sep 5 02:55 1.5K virtual.conf
Sep 6 03:55 2.4K domain.com.conf
Sep 6 03:55 3.9K domain.com.ssl.conf

-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/domain.com


Aug 30 07:21 424 dhparam.pem
Sep 6 03:55 302 domain.com.key
Sep 6 03:55 615 domain.com.csr
Sep 6 03:55 1.1K domain.com.crt

-------------------------------------------------------------
Commands to remove domain.com

rm -rf /usr/local/nginx/conf/conf.d/domain.com.conf
rm -rf /usr/local/nginx/conf/conf.d/domain.com.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.crt
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.key
rm -rf /usr/local/nginx/conf/ssl/domain.com/domain.com.csr
rm -rf /usr/local/nginx/conf/ssl/domain.com
rm -rf /home/nginx/domains/domain.com
rm -rf /root/.acme.sh/domain.com
rm -rf /root/.acme.sh/domain.com_ecc
rm -rf /usr/local/nginx/conf/pre-staticfiles-local-domain.com.conf
service nginx restart

-------------------------------------------------------------
vhost for domain.com setup successfully
domain.com setup info log saved at:
/root/centminlogs/centminmod_060924-035525_nginx_addvhost_nv.log
-------------------------------------------------------------
```

Modify domain.com's Nginx vhost config file at `/usr/local/nginx/conf/conf.d/domain.com.ssl.conf`: comment out the default self-signed SSL certificate and key, and use the ones generated by `ed25519-certs.sh` above.

```
server {
  listen 443 ssl;
  http2 on;
  server_name domain.com www.domain.com;

  ssl_dhparam /usr/local/nginx/conf/ssl/domain.com/dhparam.pem;
  # default self-signed certificate and key created by nv, commented out
  # ssl_certificate      /usr/local/nginx/conf/ssl/domain.com/domain.com.crt;
  # ssl_certificate_key  /usr/local/nginx/conf/ssl/domain.com/domain.com.key;
  # Ed25519 certificate and key generated by ed25519-certs.sh
  ssl_certificate      /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/ed25519-domain.com/domain.com.key;
  include /usr/local/nginx/conf/ssl_include.conf;

  # ... remainder of the existing vhost config unchanged ...
}
```

Restart Nginx

```
ngxrestart
```
or
```
systemctl restart nginx
```

Use the openssl client to check whether domain.com serves the ED25519-based self-signed SSL certificate. Look for the references to `ED25519` in the output:

```
echo -n | openssl s_client -connect domain.com:443 -servername domain.com

CONNECTED(00000003)
depth=0 CN = domain.com
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = domain.com
verify return:1
---
Certificate chain
0 s:CN = domain.com
i:CN = domain.com
a:PKEY: ED25519, 256 (bit); sigalg: ED25519
v:NotBefore: Sep 6 04:03:50 2024 GMT; NotAfter: Sep 4 04:03:50 2034 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIBMzCB5qADAgECAhQR8wtKgHTih2n/P82kipsW+eyjTTAFBgMrZXAwFTETMBEG
A1UEAwwKZG9tYWluLmNvbTAeFw0yNDA5MDYwNDAzNTBaFw0zNDA5MDQwNDAzNTBa
MBUxEzARBgNVBAMMCmRvbWFpbi5jb20wKjAFBgMrZXADIQBzZQuIMEPNfEV0KcrP
fnHA1bR3cOYnsuKH+lZQ0AknA6NIMEYwJQYDVR0RBB4wHIIKZG9tYWluLmNvbYIO
d3d3LmRvbWFpbi5jb20wHQYDVR0OBBYEFICaha1yiKmFGhgAD2AMS3y+53RdMAUG
AytlcANBAM27zHxpKnS+yf0Xen7aWOM+RxpHCujZxidSTqmHAzqMsk9HRRHxUiL+
hDv0iBxmL4LPubTYexQcXubtWWnAwgw=
-----END CERTIFICATE-----
subject=CN = domain.com
issuer=CN = domain.com
---
No client certificate CA names sent
Peer signature type: Ed25519
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 679 bytes and written 394 bytes
Verification error: self-signed certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 18 (self-signed certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: CDFC1E92B92812C9D7057560F0D2B49B58A45153EB6E689193364A8D578C1E43
Session-ID-ctx:
Resumption PSK: 682E1E537B5FDACAF79715518B49C320346E7F9481FD033EC39130FEB9566437E84A3CCCDB0F081B5951030523458A79
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:

Start Time: 1725595669
Timeout : 7200 (sec)
Verify return code: 18 (self-signed certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
DONE
```

# testssl

This is the testssl run from Centmin Mod's `tools/switch-nginx-ciphers.sh` tool. Notice that the TLSv1.2 and TLSv1.3 sig_algs offered are both `ED25519`, and that the server defaults report:

```
Signature Algorithm Ed25519
Server key size EdDSA Ed25519
```

Also notice in the `client simulations` that many clients and web browsers do not yet support `ED25519`: only the Java, Go and OpenSSL clients support it.

Full `tools/switch-nginx-ciphers.sh` tool's testssl run:

```
tools/switch-nginx-ciphers.sh testssl domain.com:443
testssl.sh --nodns=min --wide -p -c -f -E -S -P --quiet https://domain.com:443

Start 2024-09-06 04:27:16 -->> 192.168.122.60:443 (domain.com) <<--

Testing protocols via sockets except NPN+ALPN

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY not offered
ALPN/HTTP2 not offered

Testing server's cipher preferences

no matching cipher in this list found (pls report this): DHE-RSA-SEED-SHA:SEED-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256:ECDHE-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:ADH-AES256-GCM-SHA384:AECDH-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA .
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2 (listed by strength)
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLSv1.3 (server order)
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256

Has server cipher order? unable to determine

Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4

FS is offered (OK) , ciphers follow (client/browser support is important here)

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

Elliptic curves offered: prime256v1 secp384r1 secp521r1 X25519 X448
TLS 1.2 sig_algs offered: Ed25519
TLS 1.3 sig_algs offered: Ed25519

Testing server defaults (Server Hello)

TLS extensions (standard) "renegotiation info/#65281" "server name/#0" "EC point formats/#11" "session ticket/#35" "supported versions/#43"
"key share/#51" "supported_groups/#10" "max fragment length/#1" "application layer protocol negotiation/#16"
"extended master secret/#23"
Session Ticket RFC 5077 hint no -- no lifetime advertised
SSL Session ID support no
Session Resumption Tickets no, ID: no
TLS clock skew Random values, no fingerprinting possible
Certificate Compression none
Client Authentication none
Signature Algorithm Ed25519
Server key size EdDSA Ed25519
Server key usage --
Server extended key usage --
Serial 11F30B4A8074E28769FF3FCDA48A9B16F9ECA34D (OK: length 20)
Fingerprints SHA1 880BCF2B79BA2F8197A0C436CF09A9C9BD4FFB1A
SHA256 A7E4400B1DDC5CEFDFE72ED343FA160CB1C6072DC5323A2894BEF3D01511B089
Common Name (CN) domain.com
subjectAltName (SAN) domain.com www.domain.com
Trust (hostname) Ok via SAN and CN (same w/o SNI)
Chain of trust NOT ok (self signed)
EV cert (experimental) no
Certificate Validity (UTC) 3649 >= 60 days (2024-09-06 04:03 --> 2034-09-04 04:03)
>= 10 years is way too long
ETS/"eTLS", visibility info not present
Certificate Revocation List --
OCSP URI --
NOT ok -- neither CRL nor OCSP URI provided
OCSP stapling not offered
OCSP must staple extension --
DNS CAA RR (experimental) (instructed to minimize/skip DNS queries)
Certificate Transparency N/A
Certificates provided 1
Issuer domain.com
Intermediate Bad OCSP (exp.) Ok

Testing ciphers per protocol via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLS 1
-
TLS 1.1
-
TLS 1.2
xc02c ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 253 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
xcca9 ECDHE-ECDSA-CHACHA20-POLY1305 ECDH 253 ChaCha20 256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
xc02b ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 253 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS 1.3
x1302 TLS_AES_256_GCM_SHA384 ECDH 253 AESGCM 256 TLS_AES_256_GCM_SHA384
x1303 TLS_CHACHA20_POLY1305_SHA256 ECDH 253 ChaCha20 256 TLS_CHACHA20_POLY1305_SHA256
x1301 TLS_AES_128_GCM_SHA256 ECDH 253 AESGCM 128 TLS_AES_128_GCM_SHA256
Could not determine the protocol, only simulating generic clients.

Running client simulations via sockets

Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 6.0 No connection
Android 7.0 (native) No connection
Android 8.1 (native) No connection
Android 9.0 (native) No connection
Android 10.0 (native) No connection
Android 11 (native) No connection
Android 12 (native) No connection
Chrome 79 (Win 10) No connection
Chrome 101 (Win 10) No connection
Firefox 66 (Win 8.1/10) No connection
Firefox 100 (Win 10) No connection
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 No connection
Edge 15 Win 10 No connection
Edge 101 Win 10 21H2 No connection
Safari 12.1 (iOS 12.2) No connection
Safari 13.0 (macOS 10.14.6) No connection
Safari 15.4 (macOS 12.3.1) No connection
Java 7u25 No connection
Java 8u161 No connection
Java 11.0.2 (OpenJDK) No connection
Java 17.0.3 (OpenJDK) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
go 1.17.8 TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
LibreSSL 2.8.3 (Apple) No connection
OpenSSL 1.0.2e No connection
OpenSSL 1.1.0l (Debian) No connection
OpenSSL 1.1.1d (Debian) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
OpenSSL 3.0.3 (git) TLSv1.3 TLS_AES_256_GCM_SHA384 253 bit ECDH (X25519)
Apple Mail (16.0) No connection
Thunderbird (91.9) No connection

Done 2024-09-06 04:27:50 [ 36s] -->> 192.168.122.60:443 (domain.com) <<--
```
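The `No connection` rows can be reproduced offline. This added example (not part of the README or of testssl.sh) serves a throwaway Ed25519-only certificate from `openssl s_server` on 127.0.0.1 and connects twice with `openssl s_client`, once offering `ed25519` in signature_algorithms and once offering only ECDSA and RSA schemes; the port number and function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed local test, not output from the README's server.
set -eu

# handshake_with_sigalgs <port> <sigalgs>
# Prints "ok" if a TLS 1.3 handshake to 127.0.0.1:<port> completes when the
# client advertises only <sigalgs>, otherwise "fail".
handshake_with_sigalgs() {
  if openssl s_client -connect "127.0.0.1:$1" -tls1_3 -sigalgs "$2" \
       </dev/null >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# simulate_clients <port>  (any free local port; the value is an assumption)
simulate_clients() {
  port=$1
  tmp=$(mktemp -d)
  # Throwaway Ed25519 key and self-signed certificate, valid for one day.
  openssl req -x509 -newkey ed25519 -nodes -days 1 -subj "/CN=domain.com" \
    -keyout "$tmp/key.pem" -out "$tmp/crt.pem" 2>/dev/null
  # -www keeps s_server accepting connections without reading stdin;
  # binding to 127.0.0.1 keeps the test listener off external interfaces.
  openssl s_server -accept "127.0.0.1:$port" -www \
    -cert "$tmp/crt.pem" -key "$tmp/key.pem" >/dev/null 2>&1 &
  srv=$!
  # Client that offers ed25519; retry while the listener starts up.
  modern=fail
  for try in 1 2 3 4 5 6 7 8 9 10; do
    modern=$(handshake_with_sigalgs "$port" ed25519)
    [ "$modern" = ok ] && break
    sleep 1
  done
  # Client that offers only ECDSA and RSA signature schemes.
  legacy=$(handshake_with_sigalgs "$port" "ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256")
  kill "$srv" 2>/dev/null || true
  wait "$srv" 2>/dev/null || true
  rm -rf "$tmp"
  echo "ed25519-offered=$modern ecdsa-rsa-only=$legacy"
}

simulate_clients "${PORT:-48443}"
```

The second client fails because a server holding only an Ed25519 certificate has no signature scheme in common with it, so a site that must serve such clients cannot rely on an Ed25519-only certificate.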

# ED25519 Browser and Certificate Support

### Summary of EdDSA (Ed25519) Browser and Certificate Support Challenges:

1. **EdDSA Adoption and FIPS 186-5**:
As of **February 3, 2023**, EdDSA (Edwards-curve Digital Signature Algorithm) officially replaced the outdated DSA algorithm with the release of FIPS 186-5. This made EdDSA the recommended algorithm for digital signatures within U.S. government standards. However, the broader adoption of EdDSA in the web infrastructure has lagged behind, especially for **SSL/TLS certificates**.

2. **CAB Forum Inaction**:
Despite EdDSA's inclusion in **S/MIME** (email security), the **CA/Browser Forum** has not yet taken action to include EdDSA in SSL/TLS server certificates. As a result, Certificate Authorities (CAs) and web browsers have not widely adopted it. This creates a gap in the ecosystem, particularly since FIPS 186-4 (which relies on RSA and ECDSA) will sunset in **February 2024**. This could leave the internet underprepared for potential vulnerabilities in the older algorithms without a fallback to EdDSA.

3. **EdDSA is Fully Standardized for TLS**:
EdDSA algorithms such as **Ed25519** and **Ed448** are fully supported in **TLS 1.2** and **TLS 1.3**. The relevant standards, including **RFC 8446** (TLS 1.3), RFC 8422, and RFC 8410, outline how EdDSA keys can be used for key exchange and digital signatures in TLS communications. However, the lack of browser and CA support continues to hinder practical implementation.

4. **Resistance to Algorithm Expansion**:
Some root programs, including major Certificate Authorities, have indicated that they are not interested in expanding their supported algorithm sets beyond **RSA** and **NIST EC (Elliptic Curve)** curves. This presents a significant barrier to the adoption of EdDSA in publicly trusted certificates.

5. **Focus on Post-Quantum Cryptography**:
The next major shift in cryptographic algorithms is likely to focus on **post-quantum algorithms** rather than adopting new elliptic curve algorithms like Ed25519. This shift is driven by the need to protect against quantum computing attacks, which could render current algorithms vulnerable in the future.

6. **OpenSSL and SSH Support**:
Despite limited browser support, Ed25519 has been supported by **OpenSSL** for five years and has been widely used in **SSH** (Secure Shell) since 2013. This demonstrates the algorithm’s stability and utility in non-browser environments, but the gap in web infrastructure remains a challenge.

7. **Challenges with Low-Order Points**:
One technical disadvantage of Ed25519 is that it's not a prime-order curve, which introduces potential risks with low-order points. In contrast, NIST curves have improved complete addition formulas, offering more robust security in some scenarios.

### Conclusion:
While EdDSA (Ed25519) has strong technical support and advantages, particularly in performance and security, its adoption in SSL/TLS certificates remains limited due to browser and CA reluctance. The focus is shifting toward **post-quantum cryptography**, and until CA/Browser Forum action is taken, EdDSA certificates may not be widely supported.