[stunnel-users] server mode support for both ECC and RSA server certificates

• Previous message (by thread): [stunnel-users] build static stunnel with openssl
• Next message (by thread): [stunnel-users] stunnel 5.49 on Win32 (invalid configuration file)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Can one stunnel service in server mode be configured with both ECDSA and
RSA server certs?  The stunnel man page Certificates section suggests only
one can be specified along with its CA chain.

Use case is some legacy clients don't support ECDSA, but it would be nice
to support ECDSA when a client does support it.

It appears that HAProxy supports this
<https://www.haproxy.com/blog/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/>,but
I'm hoping there is an equivalent way to do this with stunnel.

I'm currently testing with stunnel 5.49 with OpenSSL 1.0.2p on Solaris
11.3, but can rebuild with any version of openssl if that helps.

Thanks,
-- Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20181002/d3d56645/attachment.html>

• Previous message (by thread): [stunnel-users] build static stunnel with openssl
• Next message (by thread): [stunnel-users] stunnel 5.49 on Win32 (invalid configuration file)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]