Opened 4 years ago

Closed 4 years ago

#1849 closed enhancement (fixed)

Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.4.5
Component: pjlib Version: trunk
Keywords: Cc:
Backport to 1.x milestone: Backported: no

Description

When a client connects via SSL/TLS, the server usually uses an RSA key pair. However, other such algorithms exist, like DSA and ECDSA, and if the server socket sets up a certificate for either one of those, it would lose compatibility with RSA-only clients. This ticket allows the server socket to be configured with up to one RSA, ECDSA and DSA key each. Also, if any socket clients are not compatible with SHA-2 hashed certificates, for example Nokia mobile phones, the server socket can still use RSA/SHA-1 for legacy clients and ECDSA/SHA-2 for everyone else.

Thanks Alexander Traud for the feedback and the patch.
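The compatibility problem described above, as an added example that is not part of the ticket or of PJSIP's code: a simplified model of how a TLS 1.2-and-earlier server can only accept a cipher suite whose authentication type matches a configured certificate chain. The struct names, chain file names and client offers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Certificate key type a TLS <= 1.2 cipher suite requires from the server. */
enum auth { AUTH_RSA, AUTH_ECDSA, AUTH_DSA, AUTH_COUNT };

/* Hypothetical server config: at most one chain per key type, as in the ticket. */
struct server_cfg { const char *chain[AUTH_COUNT]; /* NULL = not configured */ };

struct suite { const char *name; enum auth auth; };

/* Walk the client's offer in order and return the first suite the server
 * can authenticate; NULL models a handshake failure (no shared suite). */
static const struct suite *select_suite(const struct server_cfg *cfg,
                                        const struct suite *offer, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (cfg->chain[offer[i].auth] != NULL)
            return &offer[i];
    return NULL;
}

/* Constructed client offers: an RSA-only legacy client and a modern client. */
static const struct suite legacy_rsa_only[] = {
    { "TLS_RSA_WITH_AES_128_CBC_SHA", AUTH_RSA },
};
static const struct suite modern[] = {
    { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", AUTH_ECDSA },
    { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", AUTH_RSA },
};

/* Single ECDSA chain versus the multi-chain setup (constructed file names). */
static const struct server_cfg ecdsa_only = { .chain = { [AUTH_ECDSA] = "ecdsa-sha2.pem" } };
static const struct server_cfg multi = {
    .chain = { [AUTH_RSA] = "rsa-sha1.pem", [AUTH_ECDSA] = "ecdsa-sha2.pem" }
};

static void report(const char *who, const struct server_cfg *cfg,
                   const struct suite *offer, size_t n)
{
    const struct suite *s = select_suite(cfg, offer, n);
    printf("%-22s -> %s\n", who, s ? cfg->chain[s->auth] : "handshake failure");
}

int main(void)
{
    report("ecdsa_only / legacy", &ecdsa_only, legacy_rsa_only, 1);
    report("multi / legacy", &multi, legacy_rsa_only, 1);
    report("multi / modern", &multi, modern, 2);
    return 0;
}
```

A real TLS stack also weighs the client's signature algorithms and the server's own preference order; this model covers only the key-type match.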

Change History (1)

comment:1 Changed 4 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 5087:

Close #1849: Enabled multiple TLS certificate chains (RSA+ECC+DSA) for server socket.
