[openssl-users] ECDSA vs RSA certificates

Rajeswari K raji.kotamraju at gmail.com
Wed Jun 22 08:31:28 UTC 2016


Hello Openssl users,

Need pointers on how to use ECDSA vs RSA certificates.

When our device is acting as a TLS server, we have support for both ECDSA and
RSA based certificates. At first, we need to feed a certificate for the TLS
server to accept the connections.

From the code, I have a feeling that if we feed ECDSA based certificates,
only ECDSA based ciphers get selected by the server. But what if the client
doesn't have a cipher matching ECDSA? Does the server choose an RSA based
cipher or, because the certificate we fed is holding an ECDSA signature, will
it respond with "no shared cipher"?

Is there a way we can feed multiple certificates, i.e. one with ECDSA and
the other with RSA, to the TLS server during SSL_CTX initialization?
Or
once the Client Hello is received, after examining the client's supported
ciphers, do we need to feed the respective (i.e. ECDSA/RSA) certificate?

Thanks,
Rajeswari.