using TLS (>1.2) with more than one certificate

Matt Caswell matt at
Tue May 24 13:42:32 UTC 2022

On 24/05/2022 13:52, Tobias.Wolf at wrote:
> I’ve a server application and need to support RSA and ECC clients at the 
> same time.
> I don’t know which certificate from my local keystore I have to send to 
> the client, btw I have an rsa and an ecc certificate in my keystore already.
> I don’t know with which certificate (rsa or ecc) a client comes during 
> handshake of a tls connection.
> How can this technically work?

It's perfectly fine to add multiple certs/keys of different types to a 
single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use 
based on the negotiated sigalg (for TLSv1.3).

