Opened 10 years ago
Closed 10 years ago
#1849 closed enhancement (fixed)
Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket
| Reported by: | nanang | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | pjlib | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description
When a client connects via SSL/TLS, the server usually uses an RSA key pair. However, more such algorithms exist, like DSA and ECDSA, and if the server socket sets up a certificate for either one of those, it would lose compatibility with RSA-only clients. This ticket allows the server socket to be configured with up to one RSA, ECDSA and DSA key each. Also, if any socket clients are not compatible with SHA-2 hashed certificates, for example Nokia mobile phones, the server socket can still use RSA/SHA-1 for legacy clients and ECDSA/SHA-2 for everyone else.
Thanks Alexander Traud for the feedback and the patch.
Change History (1)
comment:1 Changed 10 years ago by nanang
- Resolution set to fixed
- Status changed from new to closed
In 5087: