tokers opened a new issue #1159: Proposal: multiple certificates deployment for a single domain URL: https://github.com/apache/incubator-apisix/issues/1159 ## Background As is known to all, ECC (Elliptic Curve Cryptography) certificate has several advantages than RSA certificate, like smaller key size. The speed of SSL handshake on the server side will be better if we can use the ECC certificate. Nevertheless, some browsers may not recognize the ECC certificate, so if someone migrated his/her certificate from RSA to ECC, compatibility broken might occur. ## Solution Let's try to deploy multiple certificates for a single domain, depends on the cipher suites that client sent, apisix can select and send the most appropriate certificates. Technically, OpenSSL's related APIs like `SSL_use_certificate`, `SSL_use_PrivateKey`, can be called duplicately for a single SSL session, the certificate selection will be done under the hood. ## References * https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it * https://imququ.com/post/ecc-certificate.html
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
