> From: owner-openssl-us...@openssl.org On Behalf Of Devin Ceartas
> Sent: Friday, 27 August, 2010 16:21
> To: openssl-users@openssl.org
> Subject: Fallback certs
>
> Is it possible to have a preferred certificate (say, one I created
> myself and signed with my own root) and have connections to a web
> browser fall back on a secondary cert (say one from a commercial
> provider) if negotiation on the preferred certificate fails?
>

Not really, at least not easily. There is no provision in SSL (or TLS AFAIK) for the client to ask for a different cert than the one provided, or to specify CAs. (Going the other way, for *client* auth, the server specifies a list of acceptable CAs, which the client can use to choose which cert=id to offer.)

The choice of server cert does depend on the broad cipher 'type' negotiated, i.e. RSA, DSA+DH, ECDSA+ECDH. A programmed client could conceivably try negotiation with different ciphersuites offered until it gets a cert (and ciphersuite) it likes, but doing this with the web browsers I know is either impossible or so clumsy as to be unusable.

Depending on how your server is programmed, you might be able to remember failed connection attempts by IPaddr, especially ones where you got a clear error indication like alert 46 or 48, and handle specially any new attempt from the same IPaddr within a reasonably short time like 5 seconds. You usually don't want to remember too many or too long, or that opens a denial of service attack against you.

TLS1.1 (and I assume higher) does have an extension for "Server Name Indication" to support multiple virtual hosts (e.g. websites) on the same host (address) and port. I haven't looked how OpenSSL implements this (in terms of using it for a cert/key choice, or providing a callback to) and don't know whether/which common browsers send it. If yours do, and you don't mind telling different user populations to use a different hostname (or do it for them by providing emails or forms or whatever with different URLs), you could have "virtual hosts" that actually serve the same content (or different if you like) under different names.

But in the end, why do you care? If you have a commercial cert that your (expected) users accept, why don't you just use it?
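
An added sketch (not part of the original message, and not OpenSSL code) of the short, bounded per-IP memory the reply describes: only alerts 46 and 48 are recorded, entries expire after 5 seconds, and a hard cap evicts the oldest entry so the table cannot be grown without limit. The class and method names, the 1024-entry cap and the "preferred"/"fallback" labels are assumptions; the caller is assumed to obtain the alert number from its TLS library and to pass a non-decreasing clock value such as `time.monotonic()`.

```python
from collections import OrderedDict

# Alert codes the reply names as clear "client rejected our certificate" signals.
CERT_REJECT_ALERTS = {46, 48}  # certificate_unknown, unknown_ca


class FallbackTracker:
    """Remember recent certificate rejections per client IP, bounded in size and time."""

    def __init__(self, ttl=5.0, max_entries=1024):
        self.ttl = ttl                  # seconds a rejection is remembered
        self.max_entries = max_entries  # hard cap on remembered addresses
        self._failed = OrderedDict()    # ip -> time of last rejection, oldest first

    def _expire(self, now):
        # Entries are kept in time order, so stop at the first one still fresh.
        while self._failed:
            ip, ts = next(iter(self._failed.items()))
            if now - ts < self.ttl:
                break
            del self._failed[ip]

    def record_failure(self, ip, alert, now):
        """Call when a handshake with `ip` ended in TLS alert number `alert`."""
        if alert not in CERT_REJECT_ALERTS:
            return  # unrelated failure: leave the certificate choice alone
        self._expire(now)
        self._failed.pop(ip, None)      # re-insert so ordering stays by time
        self._failed[ip] = now
        while len(self._failed) > self.max_entries:
            self._failed.popitem(last=False)  # evict the oldest entry

    def choose_cert(self, ip, now):
        """Return 'fallback' for a prompt retry after a rejection, else 'preferred'."""
        self._expire(now)
        return "fallback" if ip in self._failed else "preferred"
```

Because the key is the source address, clients behind one NAT or proxy share an entry, so a rejection by one of them briefly changes the certificate served to the others.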