using TLS (>1.2) with more than one certificate
Matt Caswell
matt at openssl.org
Tue May 24 13:42:32 UTC 2022
On 24/05/2022 13:52, Tobias.Wolf at t-systems.com wrote:
> I’ve a server application and need to support RSA and ECC clients at the
> same time.
>
> I don’t know which certificate from my local keystore I have to send to
> the client, btw I have an RSA and an ECC certificate in my keystore already.
>
> I don’t know with which certificate (rsa or ecc) a client comes during
> handshake of a tls connection.
>
> How can this technically work?
>
It's perfectly fine to add multiple certs/keys of different types to a
single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use
based on the negotiated sigalg (for TLSv1.3).
Matt
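
Added example, not part of the original message and not OpenSSL project code: Python's `ssl` module wraps an OpenSSL `SSL_CTX`, so calling `load_cert_chain` twice on one server context installs an RSA and an ECC pair side by side, and two in-memory clients show which certificate each one is sent. Assumptions: the `openssl` CLI is on PATH to create throwaway certificates, the `example.test` names and client profiles are constructed, and the clients are capped at TLS 1.2 so that a cipher suite stands in for the client's key-type capability (in TLS 1.3 the negotiated signature algorithm plays that role).

```python
import ssl
import subprocess
import tempfile
from pathlib import Path

CLIENTS = {"rsa-only": "ECDHE-RSA-AES128-GCM-SHA256",      # constructed client profiles:
           "ecdsa-only": "ECDHE-ECDSA-AES128-GCM-SHA256"}  # the suite fixes the key type

def make_cert(workdir, name, key_args):
    """Create a throwaway self-signed certificate with the openssl CLI (test data)."""
    key, crt = f"{workdir}/{name}.key", f"{workdir}/{name}.crt"
    subprocess.run(["openssl", "req", "-x509", "-nodes", "-days", "1", *key_args,
                    "-subj", f"/CN={name}.example.test", "-keyout", key, "-out", crt],
                   check=True, capture_output=True)
    return crt, key

def served_cert(server_ctx, certs, suite):
    """Handshake in memory as a client limited to `suite`; return the DER cert received."""
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    client_ctx.check_hostname = False          # the constructed certs carry no SAN
    for crt, _ in certs.values():
        client_ctx.load_verify_locations(crt)  # trust exactly the two test certs
    client_ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    client_ctx.set_ciphers(suite)
    to_client, to_server = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(to_client, to_server)
    server = server_ctx.wrap_bio(to_server, to_client, server_side=True)
    pending = [client, server]
    while pending:
        for side in list(pending):
            try:
                side.do_handshake()
            except ssl.SSLWantReadError:
                continue                       # waiting for the peer's next flight
            pending.remove(side)
    return client.getpeercert(binary_form=True)

def demo():
    """Return {client profile: name of the certificate the dual-cert server sent}."""
    with tempfile.TemporaryDirectory() as d:
        certs = {"rsa": make_cert(d, "rsa", ["-newkey", "rsa:2048"]),
                 "ecc": make_cert(d, "ecc", ["-newkey", "ec", "-pkeyopt",
                                             "ec_paramgen_curve:prime256v1"])}
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        for crt, key in certs.values():        # one slot per key type in the context,
            server_ctx.load_cert_chain(crt, key)  # so the ECC pair joins the RSA pair
        der = {ssl.PEM_cert_to_DER_cert(Path(c).read_text()): n for n, (c, _) in certs.items()}
        return {who: der[served_cert(server_ctx, certs, suite)] for who, suite in CLIENTS.items()}
```

Calling `demo()` returns a mapping from each client profile to the certificate it received from the same server context.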