[openssl-users] DTLS Server with support for both EC and RSA keys

Matt Caswell matt at openssl.org
Mon Feb 6 11:03:50 UTC 2017

On 04/02/17 22:23, Suman Paul wrote:
> Hi,
> I have a server that implements DTLS using OpenSSL 1.0.1 but supports
> only RSA keys as of today. I want to add support to this server to
> accept EC keys to be able to implement the newer ECDHE-ECDSA cipher
> suites while retaining support for RSA. Any pointers as to how to go
> about this?
> What I believe is that each kind of key would need a different
> SSL_CTX object. So I want to switch to the correct context for the
> SSL session as per the cipher supported by the client (maybe from the
> cipher list advertised in the ClientHello). Is that the best way of
> implementing this?

No. You can add both the RSA certificate and the ECDSA certificate to
the same SSL_CTX. Just call one of the SSL_CTX_use_certificate*()
functions twice - once for each certificate type.


More information about the openssl-users mailing list