using TLS (>1.2) with more than one certificate

Dirk-Willem van Gulik dirkx at webweaving.org
Wed May 25 07:34:28 UTC 2022


On 25 May 2022, at 09:16, Tobias.Wolf at t-systems.com wrote:

> I have a server application and need to support RSA and ECC clients at the same time.
> I don't know which certificate from my local keystore I have to send to the client; btw, I have an RSA and an ECC certificate in my keystore already.
> I don't know with which certificate (RSA or ECC) a client comes during the handshake of a TLS connection.
> How can this technically work?

On a protocol layer, have a look at the Client Hello which the client sent to the server prior to selection:

Have a look at:

	https://tls12.ulfheim.net/ (The Illustrated TLS 1.2 Connection)

to understand this. On the coding level, in OpenSSL most of this 'should' simply work if you've set up OpenSSL correctly. The code behind s_server is a good start. Other good resources are:

	https://www.feistyduck.com/library/openssl-cookbook/online/


Dw.