Implemented a 256-bit ECDSA key and certificate for TLS connections to Bitbucket Cloud - initially just secondary certificates, such as for hosted pages and for, but eventually for the primary certificate ( User agents indicate their key-signing compatibility during ClientHello; if they support ECDSA, then the load balancers (which terminate that TLS session) will use the ECDSA key to sign outgoing packets.

Almost all HTTPS traffic through and its associated hostnames now uses an ECDSA certificate. The smaller ECDSA certificate reduces memory usage on the load balancing layer; it slightly reduces packet-signing latency; and it offers better security for packets in transit. Bitbucket was the first major repository host to use ECDSA for TLS.

Project link:

Nifty tech tag lists fromĀ Wouter Beeftink