Re: using TLS (>1.2) with more than one certificate

2022-05-25 Thread Dirk-Willem van Gulik 
On 25 May 2022, at 09:16,  
 wrote:

> I’ve a server application and need to support RSA and ECC clients at the same 
> time.
> I don’t know which certificate from my local keystore I have to send to the 
> client, btw I have a rsa and a ecc certificate in my keystore already.
> I don’t know with which certificate (rsa or ecc) a client comes during 
> handshake of a tls connection.
> How can this technically work?

On a protocol layer - have a look at the Client Hello which the client sent to 
the server prior to selection:

Have a look at ;

https://tls12.ulfheim.net. / The Illustrated TLS 1.2 Connection

To understand this. On coding level; in openssl - most of this `should’ simply 
work if you’ve set up OpenSSL correctly. The code behind s_server is a good 
start. Other good resources are

https://www.feistyduck.com/library/openssl-cookbook/online/ 



Dw.

Re: using TLS (>1.2) with more than one certificate

2022-05-25 Thread Dmitry Belyavsky 
Dear Tobias,

Does code in s_server application help?

On Wed, May 25, 2022 at 9:17 AM  wrote:

> I’ve a server application and need to support RSA and ECC clients at the
> same time.
>
> I don’t know which certificate from my local keystore I have to send to
> the client, btw I have a rsa and a ecc certificate in my keystore already.
>
> I don’t know with which certificate (rsa or ecc) a client comes during
> handshake of a tls connection.
>
> How can this technically work?
>
>
>


-- 
SY, Dmitry Belyavsky

using TLS (>1.2) with more than one certificate

2022-05-25 Thread Tobias.Wolf 
I've a server application and need to support RSA and ECC clients at the same 
time.
I don't know which certificate from my local keystore I have to send to the 
client, btw I have a rsa and a ecc certificate in my keystore already.
I don't know with which certificate (rsa or ecc) a client comes during 
handshake of a tls connection.
How can this technically work?

Re: using TLS (>1.2) with more than one certificate

2022-05-24 Thread Viktor Dukhovni 
On Tue, May 24, 2022 at 04:10:00PM +0100, Angus Robertson - Magenta Systems Ltd 
wrote:

> I do see a lot of SSL connection errors in my logs, but assume these
> are mostly hackers or trackers with software not able to support
> TLS/1.2, usually with a blank SNI and ALPN and often no extensions in
> the client hello.  One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data'
> so got unsupported protocol.  

Various less popular, but still deployed SMTP servers are not updated
nearly as often as desktop browsers, ... and some still support only
RSA.  Depending on where your users' mail comes from you may need to
support RSA for SMTP.  This is not a strong recommendation, but it is
something to keep in mind.

-- 
Viktor.

RE: using TLS (>1.2) with more than one certificate

2022-05-24 Thread Angus Robertson - Magenta Systems Ltd 
>> I_ve a server application and need to support RSA and ECC 
>> clients at the same time.
>
> Configure the server's SSL_CTX with both certificate chains and 
> the private keys for the two entity certificates, and for older 
> TLS versions the server will select the appropriate chain based 
> on the cipher-suite list in the ClientHello. 

Side tracking slightly, I have only ECC certificates on my web, mail
and FTP servers, and SSL Labs says the only browser that can not
connect to them is Chrome 49 on Windows XP SP3.  

Is there another reason I should be duplicating all my ECC certificates
with RSA versions?

I do see a lot of SSL connection errors in my logs, but assume these
are mostly hackers or trackers with software not able to support
TLS/1.2, usually with a blank SNI and ALPN and often no extensions in
the client hello.  One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data'
so got unsupported protocol.  

error:0A000102:SSL routines::unsupported protocol
error:0A000418:SSL routines::tlsv1 alert unknown ca
error:0AC1:SSL routines::no shared cipher
error:0A6C:SSL routines::bad key share
error:0A000413:SSL routines::sslv3 alert unsupported certificate

Also lots of unexpected closes during handshake, and HTTP requests with
no handshake.  

Angus

RE: using TLS (>1.2) with more than one certificate

2022-05-24 Thread Michael Wojcik via openssl-users 
> From: openssl-users  On Behalf Of Matt
> Caswell
> Sent: Tuesday, 24 May, 2022 07:43
> To: openssl-users@openssl.org
> Subject: Re: using TLS (>1.2) with more than one certificate
> 
> On 24/05/2022 13:52, tobias.w...@t-systems.com wrote:
> > I’ve a server application and need to support RSA and ECC clients at the
> > same time.
> >
> > I don’t know which certificate from my local keystore I have to send to
> > the client, btw I have a rsa and a ecc certificate in my keystore
> already.
> >
> > I don’t know with which certificate (rsa or ecc) a client comes during
> > handshake of a tls connection.
> >
> > How can this technically work?
> >
> 
> It's perfectly find to add multiple certs/keys of different types to a
> single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use
> based on the negotiated sigalg (for TLSv1.3).

Just to clarify - this works for earlier TLS versions as well.

Configure the server's SSL_CTX with both certificate chains and the private 
keys for the two entity certificates, and for older TLS versions the server 
will select the appropriate chain based on the cipher-suite list in the 
ClientHello. That is, it will use the ECC certificate (probably ECDSA, though 
EdDSA is becoming more common) if the client's cipher-suite list indicates it 
supports the necessary algorithms.

-- 
Michael Wojcik

Re: using TLS (>1.2) with more than one certificate

2022-05-24 Thread Matt Caswell 

On 24/05/2022 13:52, tobias.w...@t-systems.com wrote:
I’ve a server application and need to support RSA and ECC clients at the 
same time.


I don’t know which certificate from my local keystore I have to send to 
the client, btw I have a rsa and a ecc certificate in my keystore already.


I don’t know with which certificate (rsa or ecc) a client comes during 
handshake of a tls connection.


How can this technically work?



It's perfectly find to add multiple certs/keys of different types to a 
single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use 
based on the negotiated sigalg (for TLSv1.3).


Matt

using TLS (>1.2) with more than one certificate

2022-05-24 Thread Tobias.Wolf 
I've a server application and need to support RSA and ECC clients at the same 
time.
I don't know which certificate from my local keystore I have to send to the 
client, btw I have a rsa and a ecc certificate in my keystore already.
I don't know with which certificate (rsa or ecc) a client comes during 
handshake of a tls connection.
How can this technically work?