TLS: Choosing a server certificate based on client's accepted algorithms


Roger Lipscombe-2
Apparently, nginx allows you to specify multiple server certificates
(e.g. RSA and ECDHE), and it'll choose the appropriate one based on
the client's preference.

See, for example:
https://scotthelme.co.uk/hybrid-rsa-and-ecdsa-certificates-with-nginx/

I find myself needing something similar. Historically, my server's
used SHA1 certificates, and I want to move to SHA256 certificates, but
I've got embedded clients which are hard to change, so I need to
support both, at least for a while.

Can I persuade OTP to offer a different server certificate depending
on the client?

I can't use (e.g.) SNI, because the client doesn't provide the
server_name extension.

Thanks,
Roger.
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions