[stunnel-users] server mode support for both ECC and RSA server certificates

Tom Hood tom.w.hood at gmail.com
Tue Oct 2 16:50:02 CEST 2018


Can one stunnel service in server mode be configured with both ECDSA and
RSA server certs?  The stunnel man page Certificates section suggests only
one can be specified along with its CA chain.

Use case is some legacy clients don't support ECDSA, but it would be nice
to support ECDSA when a client does support it.

It appears that HAProxy supports this
I'm hoping there is an equivalent way to do this with stunnel.

I'm currently testing with stunnel 5.49 with OpenSSL 1.0.2p on Solaris
11.3, but can rebuild with any version of openssl if that helps.

-- Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20181002/d3d56645/attachment.html>

More information about the stunnel-users mailing list