Dear list,
As of now HAProxy supports hosting different types of certificates on
the same IP with certificate bundling:
https://docs.haproxy.org/3.0/configuration.html#ssl-load-extra-files
That works fine with the OpenSSL library, but doesn't seem to work with
the aws-lc SSL library.
When HAProxy is built with aws-lc SSL, it is able to use only one
certificate per endpoint.
I have tried the following configurations with aws-lc ssl:
1) Multiple crt and ciphers in bind:
    bind 0.0.0.0:443 ssl crt example-rsa.pem crt example-esdsa.pem
In this case the first declared certificate is used. Depending on the
order, it can be ECC or RSA.
2) Bundling as described in
https://docs.haproxy.org/3.0/configuration.html#ssl-load-extra-files:
    bind 0.0.0.0:443 ssl crt example.pem
And two files with certificate extensions:
    example.pem.ecdsa
    example.pem.rsa
In this case the ECC (ECDSA) certificate is always used.
Both examples above work fine with OpenSSL.
Are there any other options to try?
Thanks!
--
Best regards,
Andrii Ustymenko
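
A client-side check for which certificate type each configuration above actually serves, as an added example that is not part of the original message. It assumes the `openssl` command-line client is installed; the `probe` and `key_type` helper names and the host, port and SNI arguments are placeholders.

```shell
#!/bin/sh
# Added example: report the key type of the certificate a TLS endpoint
# serves when the client offers only RSA or only ECDSA authentication.

# Read `openssl x509 -noout -text` output on stdin and print
# rsa, ecdsa, other, or none (no certificate was received).
key_type() {
    awk -F': ' '/Public Key Algorithm/ {
        if ($2 ~ /rsaEncryption/)       print "rsa"
        else if ($2 ~ /id-ecPublicKey/) print "ecdsa"
        else                            print "other"
        found = 1
        exit
    }
    END { if (!found) print "none" }'
}

# probe HOST PORT SNI MODE   (MODE is rsa or ecdsa)
# -sigalgs restricts the signature algorithms the client advertises
# (TLS 1.2 and 1.3); -cipher restricts the TLS 1.2 cipher suites only.
probe() {
    host=$1 port=$2 sni=$3
    case $4 in
        rsa)   set -- -sigalgs 'RSA-PSS+SHA256:RSA+SHA256' \
                      -cipher 'ECDHE-RSA-AES128-GCM-SHA256' ;;
        ecdsa) set -- -sigalgs 'ECDSA+SHA256:ECDSA+SHA384' \
                      -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' ;;
        *)     echo "unknown mode: $4" >&2; return 2 ;;
    esac
    # s_client prints the leaf certificate as PEM; x509 decodes it.
    openssl s_client -connect "$host:$port" -servername "$sni" "$@" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null | key_type
}

# Usage (placeholder address and name):
#   probe 192.0.2.10 443 www.example.com rsa
#   probe 192.0.2.10 443 www.example.com ecdsa
```

Running `probe` once per mode against the same bind line shows whether both certificates are selectable; `none` means the handshake produced no certificate for that offer.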