Though EC certificates are smaller and faster, sometimes it's necessary to use RSA certificates to ensure compatibility. So, we need to use EC and RSA dual certificates.
NGINX config is here:
ssl_certificate /path/to/ec-cert;
ssl_certificate /path/to/rsa-cert;
ssl_certificate_key /path/to/ec-key;
ssl_certificate_key /path/to/rsa-key;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_protocols TLSv1.2 TLSv1.3;
Compared with only using EC certificate, your site now supports Chrome 49 on Windows XP SP3.
