[openssl-users] DTLS Server with support for both EC and RSA keys
matt at openssl.org
Mon Feb 6 11:03:50 UTC 2017
On 04/02/17 22:23, Suman Paul wrote:
> I have a server that implements DTLS using OpenSSL 1.0.1 but supports
> only RSA keys as of today. I want to add support to this server to
> accept EC keys to be able to implement the newer ECDHE-ECDSA cipher
> suites while retaining support for RSA. Any pointers as to how to go
> about this?
> What I believe is that each kind of key would need a different
> SSL_CTX object. So I want to switch to the correct context for the
> SSL session as per the cipher supported by the client (maybe from the
> cipher list advertised in the ClientHello). Is that the best way of
> implementing this?
No. You can add both the RSA certificate and the ECDSA certificate to
the same SSL_CTX. Just call one of the SSL_CTX_use_certificate*()
functions twice - once for each certificate type.
More information about the openssl-users