(sorry that previous one looked so terrible. Here it is with plain
text)
Can a single OpenSSL context support both 1024-bit and 2048-bit RSA at
the same time? For example, if a client device has both 1024-bit and
2048-bit RSA keys, will the SSL/TLS handshake allow the server to pick
whether 1024 or 2048-bit RSA should be used?
I do not believe this works but would appreciate any input from others.
My understanding is that the client provides a list of supported
ciphersuites during the Client Hello process. However, the
ciphersuites enumeration does not indicate the bit length of the RSA
key, only that RSA can be used. For example,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA doesn’t indicate if 1024-bit or
2048-bit RSA is required. It seems that the server needs to look at
the client’s certificate to determine the number of bits used by the
RSA key --- but even if the server requests the client’s certificate,
this happens after the cipher has been chosen.
I appreciate any input on this, whether it’s “you got it all wrong”,
“you got it all right”, or anything in the middle.
Thanks
... Altan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
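
Added example, not part of the original post: a parser for the cipher_suites vector of a ClientHello, showing that each offered suite is a 2-byte registry code point whose name covers key exchange, authentication, bulk cipher and MAC only (the "128" is the AES key size, not an RSA modulus size). The ClientHello bytes are constructed for the example, and the function names are hypothetical.

```python
import struct

# Subset of the IANA TLS cipher suite registry (2-byte code point -> name).
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}

def build_client_hello(suite_ids):
    """Constructed sample: a minimal TLS 1.0 ClientHello record, no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (b"\x03\x01" + bytes(32) + b"\x00"      # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                          # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_cipher_suites(record):
    """Return the 2-byte cipher suite code points offered in a ClientHello."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]            # skip session_id
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def describe(suite_id):
    """Split a registry name into the parameters the suite names."""
    name = SUITES[suite_id]
    kx_auth, bulk = name[len("TLS_"):].split("_WITH_")
    kx, _, auth = kx_auth.partition("_")
    *cipher, mac = bulk.split("_")
    # Plain "RSA" suites use RSA for both key exchange and authentication.
    return {"key_exchange": kx, "auth": auth or kx,
            "cipher": "_".join(cipher), "mac": mac}

if __name__ == "__main__":
    for sid in parse_cipher_suites(build_client_hello([0x0033, 0x002F])):
        print(f"0x{sid:04X}", SUITES[sid], describe(sid))
```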