Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-11-30 Thread Bryan Talbot
On Mon, Nov 30, 2015 at 3:32 PM, Olivier Doucet wrote:
> Hello,
>
> I'm digging out this thread, because having multiple certificates for one single domain (SNI) but with different key types (RSA/ECDSA) can really be a great functionality. Is there some progress? How can

[SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-11-30 Thread Olivier Doucet
Hello, I'm digging out this thread, because having multiple certificates for one single domain (SNI) but with different key types (RSA/ECDSA) can really be a great functionality. Is there some progress? How can we help? A subsidiary question is: how much ECDSA certificates are supported? So

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-11-30 Thread Willy Tarreau
On Mon, Nov 30, 2015 at 04:20:15PM -0800, Bryan Talbot wrote:
> On Mon, Nov 30, 2015 at 3:32 PM, Olivier Doucet wrote:
>
> > Hello,
> >
> > I'm digging out this thread, because having multiple certificates for one single domain (SNI) but with different key types

Re: [SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-08-24 Thread Emeric Brun
On 08/21/2015 08:08 PM, Emeric Brun wrote: Hey Dave, the SNI tree a certificate regardless the CN/SAN. It's dirty, I know, but some people use it. You will also notice, reading 'ssl_sock_process_crt_file' that if we use sni_filter (so filter in crt-list), a new ssl_ctx is always allocated

[SPAM] Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

2015-08-21 Thread Emeric Brun
Hey Dave, the SNI tree a certificate regardless the CN/SAN. It's dirty, I know, but some people use it. You will also notice, reading 'ssl_sock_process_crt_file' that if we use sni_filter (so filter in crt-list), a new ssl_ctx is always allocated and stored. But if no filter is set on the