Right now, the "best" way I'm aware of to serve both an RSA and an ECDSA
certificate on the same IP to different clients is to use req.ssl_ec_ext
<http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.5-req.ssl_ec_ext>
to determine if a set of supported elliptic curves was passed in the
ClientHello. Unfortunately, if clients disable ECDSA cipher suites (either
manually or through poor defaults), the EC extension block will still be
present, but the user will be unable to negotiate a handshake with an
ECDSA-using server. It would be nice to be able to direct users with no
ECDSA cipher suites to the RSA backend instead.

It would be nice to have a set of booleans available at the same level as
req.ssl_ec_ext for determining if various families of cipher suites are
present. I envision something like req.ssl_rsa_supported,
req.ssl_dsa_supported, and req.ssl_ecdsa_supported. I suppose we could also
just add a fetcher that exposes the entire client cipher-suite list as a
string and then use a regexp to determine if, e.g., the string "-ECDSA"
occurs in that list, but that seems somewhat failure-prone.

Thoughts?

-- 
James Brown
Engineer
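
The routing decision the message asks for, as an added example that is not part of the original post and is not HAProxy code: it parses a ClientHello and picks the ECDSA backend only when both the elliptic-curves extension and an ECDSA cipher suite are offered. The function names, the backend labels, the constructed ClientHello bytes and the non-exhaustive ECDSA suite list are assumptions made for the illustration.

```python
import struct

# Subset of the IANA TLS_ECDHE_ECDSA_* code points; not exhaustive.
ECDSA_SUITES = {0xC009, 0xC00A, 0xC023, 0xC024, 0xC02B, 0xC02C, 0xCCA9}
EXT_SUPPORTED_GROUPS = 10  # the "elliptic_curves" extension of RFC 4492

def parse_client_hello(record):
    """Return (cipher_suites, extension_types) from a TLS record with a ClientHello."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        body = record[5:5 + struct.unpack_from("!H", record, 3)[0]]
        pos = 4 + 2 + 32                  # handshake header, version, random
        pos += 1 + body[pos]              # skip session_id
        n = struct.unpack_from("!H", body, pos)[0]
        suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
        pos += 2 + n
        pos += 1 + body[pos]              # skip compression methods
        exts = []
        if pos + 2 <= len(body):          # extensions block is optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack_from("!HH", body, pos)
                exts.append(etype)
                pos += 4 + elen
        return suites, exts
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def ec_ext_only(record):
    """Hypothetical stand-in for routing on req.ssl_ec_ext alone."""
    return "ecdsa" if EXT_SUPPORTED_GROUPS in parse_client_hello(record)[1] else "rsa"

def choose_backend(record):
    """Route to ECDSA only if the EC extension and an ECDSA suite are both offered."""
    suites, exts = parse_client_hello(record)
    ok = EXT_SUPPORTED_GROUPS in exts and any(s in ECDSA_SUITES for s in suites)
    return "ecdsa" if ok else "rsa"

def build_hello(suites, groups=(23, 24)):
    """Constructed minimal ClientHello for the demo, not a capture."""
    g = struct.pack("!%dH" % len(groups), *groups)
    ext = struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(g) + 2, len(g)) + g if groups else b""
    cs = struct.pack("!%dH" % len(suites), *suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A client built with `build_hello([0xC02F, 0x009C, 0x002F])` offers only RSA-authenticated suites but still sends the curves extension, so `ec_ext_only` and `choose_backend` disagree on it.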
