Tom Hood
2018-10-02 14:50:02 UTC
Hi,
Can one stunnel service in server mode be configured with both ECDSA and
RSA server certs? The stunnel man page Certificates section suggests only
one can be specified along with its CA chain.
Use case is some legacy clients don't support ECDSA, but it would be nice
to support ECDSA when a client does support it.
It appears that HAProxy supports this
<https://www.haproxy.com/blog/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/>,but
I'm hoping there is an equivalent way to do this with stunnel.
I'm currently testing with stunnel 5.49 with OpenSSL 1.0.2p on Solaris
11.3, but can rebuild with any version of openssl if that helps.
Thanks,
-- Tom
Can one stunnel service in server mode be configured with both ECDSA and
RSA server certs? The stunnel man page Certificates section suggests only
one can be specified along with its CA chain.
Use case is some legacy clients don't support ECDSA, but it would be nice
to support ECDSA when a client does support it.
It appears that HAProxy supports this
<https://www.haproxy.com/blog/serving-ecc-and-rsa-certificates-on-same-ip-with-haproxy/>,but
I'm hoping there is an equivalent way to do this with stunnel.
I'm currently testing with stunnel 5.49 with OpenSSL 1.0.2p on Solaris
11.3, but can rebuild with any version of openssl if that helps.
Thanks,
-- Tom