Re: using TLS (>1.2) with more than one certificate
On Tue, May 24, 2022 at 04:10:00PM +0100, Angus Robertson - Magenta Systems Ltd wrote: > I do see a lot of SSL connection errors in my logs, but assume these > are mostly hackers or trackers with software not able to support > TLS/1.2, usually with a blank SNI and ALPN and often no extensions in > the client hello. One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data' > so got unsupported protocol. Various less popular, but still deployed SMTP servers are not updated nearly as often as desktop browsers, ... and some still support only RSA. Depending on where your users' mail comes from you may need to support RSA for SMTP. This is not a strong recommendation, but it is something to keep in mind. -- Viktor.
RE: using TLS (>1.2) with more than one certificate
>> I_ve a server application and need to support RSA and ECC >> clients at the same time. > > Configure the server's SSL_CTX with both certificate chains and > the private keys for the two entity certificates, and for older > TLS versions the server will select the appropriate chain based > on the cipher-suite list in the ClientHello. Side tracking slightly, I have only ECC certificates on my web, mail and FTP servers, and SSL Labs says the only browser that can not connect to them is Chrome 49 on Windows XP SP3. Is there another reason I should be duplicating all my ECC certificates with RSA versions? I do see a lot of SSL connection errors in my logs, but assume these are mostly hackers or trackers with software not able to support TLS/1.2, usually with a blank SNI and ALPN and often no extensions in the client hello. One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data' so got unsupported protocol. error:0A000102:SSL routines::unsupported protocol error:0A000418:SSL routines::tlsv1 alert unknown ca error:0AC1:SSL routines::no shared cipher error:0A6C:SSL routines::bad key share error:0A000413:SSL routines::sslv3 alert unsupported certificate Also lots of unexpected closes during handshake, and HTTP requests with no handshake. Angus
RE: using TLS (>1.2) with more than one certificate
> From: openssl-users On Behalf Of Matt > Caswell > Sent: Tuesday, 24 May, 2022 07:43 > To: openssl-users@openssl.org > Subject: Re: using TLS (>1.2) with more than one certificate > > On 24/05/2022 13:52, tobias.w...@t-systems.com wrote: > > I’ve a server application and need to support RSA and ECC clients at the > > same time. > > > > I don’t know which certificate from my local keystore I have to send to > > the client, btw I have a rsa and a ecc certificate in my keystore > already. > > > > I don’t know with which certificate (rsa or ecc) a client comes during > > handshake of a tls connection. > > > > How can this technically work? > > > > It's perfectly find to add multiple certs/keys of different types to a > single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use > based on the negotiated sigalg (for TLSv1.3). Just to clarify - this works for earlier TLS versions as well. Configure the server's SSL_CTX with both certificate chains and the private keys for the two entity certificates, and for older TLS versions the server will select the appropriate chain based on the cipher-suite list in the ClientHello. That is, it will use the ECC certificate (probably ECDSA, though EdDSA is becoming more common) if the client's cipher-suite list indicates it supports the necessary algorithms. -- Michael Wojcik
Re: using TLS (>1.2) with more than one certificate
On 24/05/2022 13:52, tobias.w...@t-systems.com wrote: I’ve a server application and need to support RSA and ECC clients at the same time. I don’t know which certificate from my local keystore I have to send to the client, btw I have a rsa and a ecc certificate in my keystore already. I don’t know with which certificate (rsa or ecc) a client comes during handshake of a tls connection. How can this technically work? It's perfectly find to add multiple certs/keys of different types to a single SSL_CTX/SSL. OpenSSL will select the appropriate cert to use based on the negotiated sigalg (for TLSv1.3). Matt
using TLS (>1.2) with more than one certificate
I've a server application and need to support RSA and ECC clients at the same time. I don't know which certificate from my local keystore I have to send to the client, btw I have a rsa and a ecc certificate in my keystore already. I don't know with which certificate (rsa or ecc) a client comes during handshake of a tls connection. How can this technically work?