using TLS (>1.2) with more than one certificate

Michael Wojcik Michael.Wojcik at microfocus.com
Tue May 24 14:03:21 UTC 2022


> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Matt
> Caswell
> Sent: Tuesday, 24 May, 2022 07:43
> To: openssl-users at openssl.org
> Subject: Re: using TLS (>1.2) with more than one certificate
> 
> On 24/05/2022 13:52, Tobias.Wolf at t-systems.com wrote:
> > I’ve a server application and need to support RSA and ECC clients at the
> > same time.
> >
> > I don’t know which certificate from my local keystore I have to send to
> > the client, btw I have a rsa and a ecc certificate in my keystore
> already.
> >
> > I don’t know with which certificate (rsa or ecc) a client comes during
> > handshake of a tls connection.
> >
> > How can this technically work?
> >
> 
> It's perfectly fine to add multiple certs/keys of different types to a
> single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use
> based on the negotiated sigalg (for TLSv1.3).

Just to clarify - this works for earlier TLS versions as well.

Configure the server's SSL_CTX with both certificate chains and the private keys for the two entity certificates, and for older TLS versions the server will select the appropriate chain based on the cipher-suite list in the ClientHello. That is, it will use the ECC certificate (probably ECDSA, though EdDSA is becoming more common) if the client's cipher-suite list indicates it supports the necessary algorithms.

-- 
Michael Wojcik
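The configuration Michael describes, as an added example that is not part of this thread or of OpenSSL's own code: one server SSLContext loaded with both an RSA and an ECDSA chain, then two TLS 1.2 handshakes over in-memory BIOs whose client cipher lists differ, to observe which certificate the server actually sends. It assumes the `openssl` command-line tool is on PATH (used only to mint throwaway self-signed test certificates); the names `make_self_signed`, `build_server_context`, `handshake` and `which_cert_was_sent` are this example's own.

```python
"""Added example (not from the thread): one server SSLContext holding an RSA
and an ECDSA certificate, and a TLS 1.2 handshake over memory BIOs showing
that the client's cipher-suite list decides which chain the server presents.

Assumption: the `openssl` CLI is available; it is used only to create
throwaway self-signed test certificates in a temporary directory.
"""
import os
import ssl
import subprocess
import tempfile

WORKDIR = tempfile.mkdtemp(prefix="dualcert-")


def make_self_signed(name, newkey_args):
    """Mint a throwaway self-signed certificate (test fixture, constructed here)."""
    key = os.path.join(WORKDIR, name + ".key")
    crt = os.path.join(WORKDIR, name + ".crt")
    subprocess.run(
        ["openssl", "req", "-x509", "-nodes", "-days", "1", *newkey_args,
         "-keyout", key, "-out", crt, "-subj", "/CN=dualcert-test"],
        check=True, capture_output=True,
    )
    return crt, key


def der_of(pem_path):
    """DER bytes of a PEM certificate file, so peer certs can be compared."""
    with open(pem_path) as fh:
        return ssl.PEM_cert_to_DER_cert(fh.read())


def build_server_context():
    """Load BOTH chains into one context. OpenSSL keeps one certificate slot
    per key type, so the second load_cert_chain() adds the ECDSA chain rather
    than replacing the RSA one."""
    rsa_crt, rsa_key = make_self_signed("rsa", ["-newkey", "rsa:2048"])
    ecc_crt, ecc_key = make_self_signed(
        "ecc", ["-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:prime256v1"])
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(rsa_crt, rsa_key)
    ctx.load_cert_chain(ecc_crt, ecc_key)
    return ctx, {"rsa": der_of(rsa_crt), "ecc": der_of(ecc_crt)}


def handshake(server_ctx, client_cipher):
    """Run a full handshake in memory; return the DER cert the server sent."""
    cctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cctx.check_hostname = False          # self-signed test certs
    cctx.verify_mode = ssl.CERT_NONE
    # Pin to TLS 1.2: there the cipher suite (ECDHE-RSA vs ECDHE-ECDSA)
    # drives the choice; in 1.3 the signature_algorithms extension does,
    # and the ssl module gives no control over that extension.
    cctx.maximum_version = ssl.TLSVersion.TLSv1_2
    cctx.set_ciphers(client_cipher)

    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = cctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)

    # [object, finished, where its output goes]
    sides = [[client, False, s_in, c_out], [server, False, c_in, s_out]]
    while not all(done for _, done, _, _ in sides):
        for entry in sides:
            obj, done, peer_in, own_out = entry
            if not done:
                try:
                    obj.do_handshake()
                    entry[1] = True
                except ssl.SSLWantReadError:
                    pass
            peer_in.write(own_out.read())   # shuttle records to the peer
    return client.getpeercert(binary_form=True)


def which_cert_was_sent(server_ctx, ders, client_cipher):
    """Name ('rsa' / 'ecc') of the chain the server chose for this client."""
    peer = handshake(server_ctx, client_cipher)
    for name, der in ders.items():
        if der == peer:
            return name
    return "unknown"


if __name__ == "__main__":
    ctx, ders = build_server_context()
    for suite in ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256"):
        print(suite, "->", which_cert_was_sent(ctx, ders, suite))
```

The second `load_cert_chain()` call does not discard the first: OpenSSL stores one entity certificate per key type, and the check that the private key matches is done against the certificate of the same type. A client that only offers ECDHE-RSA suites gets the RSA chain, one that only offers ECDHE-ECDSA suites gets the ECDSA chain, with no code path in the server deciding which to send.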

