-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [EMAIL PROTECTED] wrote: | (sorry that previous one looked so terrible. Here it is with plain text) | | Can a single OpenSSL context support both 1024-bit and 2048-bit RSA at | the same time? For example, if a client device has both 1024-bit and | 2048-bit RSA keys, will the SSL/TLS handshake allow the server to pick | whether 1024 or 2048-bit RSA should be used?
The client certificate has no influence on the selected ciphers. It is only used for client authentication. The server certificate (and with that the server key) have influence on the used ciphers in a session. And while an SSL_CTX can have more than one cert/key pair, you can only set one cert/key for every key type (one RSA key/cert, one EC key/cert, ...) It might be possible to twist the TLS hostname extension to select between a 2048 and a 1024 cert/key, but that would be something client and server would have to cooperate on... Bye Goetz - -- DMCA: The greed of the few outweighs the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIogNv2iGqZUF3qPYRAjw3AJsGvI1rp+6Da4yNf0TGPgh+v+GwZACfdl5w /tbqtRMB3ovEpRvSkzV9rts= =1wHC -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
