On 04/02/17 22:23, Suman Paul wrote:
> Hi,
> 
> I have a server that implements DTLS using OpenSSL 1.0.1 but supports
> only RSA keys as of today. I want to add support to this server to
> accept EC keys to be able to implement the newer ECDHE-ECDSA cipher
> suites while retaining support for RSA. Any pointers as to how to go
> about this?
> 
> What I believe is that each kind of key would need a different
> SSL_CTX object. So I want to switch to the correct context for the
> SSL session as per the cipher supported by the client (maybe from the
> cipher list advertised in the ClientHello). Is that the best way of
> implementing this?

No. You can add both the RSA certificate and the ECDSA certificate to
the same SSL_CTX. Just call one of the SSL_CTX_use_certificate*()
functions twice - once for each certificate type.

Matt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
