Hi, I asked in the past if OCSP stapling can also be done with a list. This part of the code implementation is still not done for actual OpenSSL or GnuTLS implementations.
I have now found a way to do it with plain config:

tls_certificate = ecdsa_chain.pem:rsa_chain.pem
tls_privatekey = ecdsa-key.pem:rsa-key.pem
tls_require_ciphers = "Make sure to use only ciphers mentioning RSA or ECDSA in their name, not the historic ones (except TLS 1.3)"
tls_ocsp_file = ${if match{$tls_cipher}{RSA}{ocspresponseRSA}{ocspresponseECDSA}}

This also works with the new upcoming TLS 1.3.

In case the cipher has "*RSA*", we staple the OCSP response for the RSA certificate. In all other cases we staple the ECDSA OCSP response. In TLS 1.3 there is no RSA or ECDSA in the cipher name and we staple the OCSP ECDSA response to the first given tls_certificate, which in this case is also the ECDSA cert.

--
Torsten
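The following is an added example, not part of the original post or of Exim: it mirrors the `tls_ocsp_file` condition in Python and checks a cipher list for names where the stapled response would not match the certificate type, which is why the post restricts `tls_require_ciphers`. The function names and the sample cipher list are constructed for illustration; the TLS 1.3 behaviour (first certificate, here ECDSA) is taken from the post as an assumption.

```python
import re

# Constructed sample: OpenSSL cipher names with the certificate type each one
# authenticates with (the "Au=" column of `openssl ciphers -v`).
# "any" marks TLS 1.3 suites, whose names do not mention a certificate type.
SAMPLE_CIPHERS = [
    ("ECDHE-ECDSA-AES256-GCM-SHA384", "ECDSA"),
    ("ECDHE-RSA-AES256-GCM-SHA384", "RSA"),
    ("DHE-RSA-AES256-GCM-SHA384", "RSA"),
    ("AES256-SHA", "RSA"),            # historic name: RSA auth, no "RSA" in it
    ("AES128-GCM-SHA256", "RSA"),     # same problem
    ("TLS_AES_256_GCM_SHA384", "any"),
    ("TLS_CHACHA20_POLY1305_SHA256", "any"),
]


def ocsp_file_for(tls_cipher):
    """Mirror ${if match{$tls_cipher}{RSA}{ocspresponseRSA}{ocspresponseECDSA}}.

    Exim's match is a case-sensitive regex search, as is re.search here.
    """
    if re.search("RSA", tls_cipher):
        return "ocspresponseRSA"
    return "ocspresponseECDSA"


def expected_file(auth, first_cert="ECDSA"):
    """Response file that matches the certificate actually presented.

    Assumption from the post: under TLS 1.3 the first entry of
    tls_certificate is used, which is the ECDSA chain in that config.
    """
    cert = first_cert if auth == "any" else auth
    return "ocspresponse" + cert


def mismatched(ciphers):
    """Return cipher names for which the name-based choice staples the wrong file."""
    return [name for name, auth in ciphers
            if ocsp_file_for(name) != expected_file(auth)]


if __name__ == "__main__":
    for name, auth in SAMPLE_CIPHERS:
        print(f"{name:32} cert={auth:5} staple={ocsp_file_for(name)}")
    print("exclude from tls_require_ciphers:", mismatched(SAMPLE_CIPHERS))
```

Any cipher the check reports authenticates with the RSA certificate but would get the ECDSA response stapled, so it has to be excluded from the cipher list for the name-based selection to be safe.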