Dear list,

As of now, haproxy supports hosting different types of certificates on the same IP with certificate bundling:
https://docs.haproxy.org/3.0/configuration.html#ssl-load-extra-files

That works fine with the OpenSSL library, but doesn't seem to work with the aws-lc ssl library.

When haproxy is built with aws-lc ssl, haproxy is able to use only one certificate per endpoint.

I have tried the following configurations with aws-lc ssl:

1) Multiple crt and ciphers in bind:

    bind 0.0.0.0:443 ssl crt example-rsa.pem crt example-esdsa.pem

In this case the first declared certificate is used. Depending on the order, it can be ecc or rsa.

2) Bundling as described in https://docs.haproxy.org/3.0/configuration.html#ssl-load-extra-files:

    bind 0.0.0.0:443 ssl crt example.pem

And two files with certificate extensions:

    example.pem.ecdsa
    example.pem.rsa

In this case the ecc (ecdsa) certificate is always used.

Both examples above work fine with openssl.

Are there any other options to try?

Thanks!

--

Best regards,

Andrii Ustymenko
