On 2022-08-21 at 15:18 -0500, Chris Adams wrote:
> Also, I believe you can offer both RSA and EC certs, so shouldn't be
> a negative to getting an EC cert (you just need to have RSA too).

How would you do that? You could use different certificates on different interfaces, based on the hostname the client is connecting to (assuming they support SNI), or even the client IP address. But I don't think you could easily vary the type of certificate you present to the client.

Technically, the ClientHello message shall be sent before the ServerHello, so I guess you could predict, based on the ciphersuites presented, if the client is likely to support an EC cert and present an EC or RSA certificate based on that, but I don't know of an SSL library which allows you to do that.

Best regards
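
The ClientHello-based prediction described in the message above, sketched as an added example (not code from the thread or from any TLS library). It goes slightly beyond the message by also reading the signature_algorithms extension; the function names and the fall-back-to-RSA policy are assumptions, and the sample hellos are constructed.

```python
import struct

ECDSA_SUITES = {0xC02B, 0xC02C, 0xCCA9, 0xC023, 0xC024, 0xC009, 0xC00A}  # TLS 1.2 ECDHE-ECDSA
TLS13_SUITES = {0x1301, 0x1302, 0x1303}   # cert type is not encoded in TLS 1.3 suites
ECDSA_SCHEMES = {0x0403, 0x0503, 0x0603}  # ecdsa_secp256r1_sha256 / 384r1_sha384 / 521r1_sha512
SIG_ALGS_EXT = 13                         # signature_algorithms extension type

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf)]

def parse_client_hello(msg):
    """Return (cipher_suites, signature_schemes) from a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                      # handshake header, legacy_version, random
    pos += 1 + msg[pos]                   # skip session_id
    n = struct.unpack_from("!H", msg, pos)[0]
    suites = u16_list(msg[pos + 2:pos + 2 + n])
    pos += 2 + n
    pos += 1 + msg[pos]                   # skip compression_methods
    schemes = []
    if pos < len(msg):                    # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", msg, pos)
            if etype == SIG_ALGS_EXT:     # body: 2-byte list length, then 2-byte schemes
                schemes = u16_list(msg[pos + 6:pos + 4 + elen])
            pos += 4 + elen
    return suites, schemes

def pick_cert(msg):
    """Heuristic (assumed policy): 'ecdsa' only when clearly supported, else 'rsa'."""
    try:
        suites, schemes = parse_client_hello(msg)
    except (ValueError, IndexError, struct.error):
        return "rsa"                      # malformed or truncated hello: safest default
    usable_suite = (ECDSA_SUITES | TLS13_SUITES) & set(suites)
    return "ecdsa" if usable_suite and ECDSA_SCHEMES & set(schemes) else "rsa"

def build_hello(suites, schemes):
    """Constructed sample ClientHello (zero random, empty session id) for the demo."""
    ext = b""
    if schemes:
        lst = b"".join(struct.pack("!H", s) for s in schemes)
        ext = struct.pack("!HHH", SIG_ALGS_EXT, len(lst) + 2, len(lst)) + lst
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```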