RSA signed ECDSA certificate still uses ECDSA for authentication

radiatejava radiatejava at gmail.com
Fri Aug 26 17:48:38 UTC 2022


I am a bit confused when an RSA signed ECDSA certificate is being used in TLS.
For example, if you run the test for facebook.com, you will see that
the certificate has ECDSA key but signed with Signature Algorithm:
sha256WithRSAEncryption.

$ openssl s_client  -connect  www.facebook.com:443

The ciphersuite used here is ECDHE-ECDSA-AES128-GCM-SHA256. So it
means it used ECDSA key for server authentication.

But I do not understand how did it use ECDSA key for authentication as
the cert is RSA signed and key exchange is ECDHE, meaning ECDSA key of
the certificate is not used for encryption keys. Can someone explain
this to me?


More information about the openssl-users mailing list