using TLS (>1.2) with more than one certificate

Dirk-Willem van Gulik dirkx at
Wed May 25 07:34:28 UTC 2022

On 25 May 2022, at 09:16, <Tobias.Wolf at> <Tobias.Wolf at> wrote:

> I’ve a server application and need to support RSA and ECC clients at the same time.
> I don’t know which certificate from my local keystore I have to send to the client, btw I have a rsa and a ecc certificate in my keystore already.
> I don’t know with which certificate (rsa or ecc) a client comes during handshake of a tls connection.
> How can this technically work?

On a protocol layer - have a look at the Client Hello which the client sent to the server prior to selection:

Have a look at ; / The Illustrated TLS 1.2 Connection

To understand this. On coding level; in openssl - most of this `should’ simply work if you’ve set up OpenSSL correctly. The code behind s_server is a good start. Other good resources are <>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list