Welcome! Log In Create A New Profile

Advanced

RSA+DSA+ECC bundles

Previous Message Next Message
Forum List Message List New Topic Print View
Primoz Bratanic
February 06, 2013 12:26PM
Hi,

Apache supports specifying multiple certificates (different types) for same
host in line with OpenSSL support (RSA, DSA, ECC). This allows using ECC key
exchange methods with clients that support it and it's backwards compatible.
I wonder how much work would it be to add support for this to nginx. Is it
just allowing specifying 2-3 certificates (and checking they have different
key type) + adding support for returning proper key chain or are the any
other obvious roadblocks (that are not obvious to me).

Thanks,

Primoz


begin 666 smime.p7s
M,( &"2J&2(;W#0$'`J" ,( "`0$Q#S -!@E@AD@!90,$`@,%`#" !@DJADB&
M]PT!!P$``*""%30P@@8T,(($'* #`@$"`@$@, T&"2J&2(;W#0$!!04`,'TQ
M"S )!@-5! 83`DE,,18P% 8#500*$PU3=&%R=$-O;2!,=&0N,2LP*08#500+
M$R)396-U<F4@1&EG:71A;"!#97)T:69I8V%T92!3:6=N:6YG,2DP)P8#500#
M$R!3=&%R=$-O;2!#97)T:69I8V%T:6]N($%U=&AO<FET>3 >%PTP-S$P,C0R
M,3 R-35:%PTQ-S$P,C0R,3 R-35:,(&,,0LP"08#500&$P))3#$6,!0&`U4$
M"A,-4W1A<G1#;VT@3'1D+C$K,"D&`U4$"Q,B4V5C=7)E($1I9VET86P@0V5R
M=&EF:6-A=&4@4VEG;FEN9S$X,#8&`U4$`Q,O4W1A<G1#;VT@0VQA<W,@,B!0
M<FEM87)Y($EN=&5R;65D:6%T92!#;&EE;G0@0T$P@@$B, T&"2J&2(;W#0$!
M`04``X(!#P`P@@$*`H(!`0#+*(5%G $L^QGRJZ4SC"J@#<O05>U=(H%G1L0/
M"%.^R]VD\1*T/GW,;0V&=^F>AA]&!9^WZN40`[7C] &,ZP@/A$$WXO*M?I -
MYM)\+<%QO>#.;"*K+[.Y43]6LG 9'O[.8/821Z\F=FG$G)\W,XP0@*.U];^1
MM\L/# S]IMD0LGM"GX&>)S@WJV25<X0)3@_6'H[P%V:AY+,.>A\Q)52*&$F=
MZN/D2;CUUWR*,F\OF-IM1/F,U^8@F5P<=.8).C"@%M;VL./[]CCB\NA61]UQ
MQ[3I,U*WAO_PK!9P??KFF$I4>N7'1LT[)J""O%A]<H*%X409O?$@^QW_Z]Q1
M"S;U`@,!``&C@@&M,((!J3 /!@-5'1,!`?\$!3 #`0'_, X&`U4=#P$!_P0$
M`P(!!C =!@-5'0X$%@04KE6#;^PQRKGW'?JO:S'SR!WCK+LP'P8#51TC!!@P
M%H 43@OO&J1 6Z47:8<PRC1H0]!!KO(P9@8(*P8!!04'`0$$6C!8,"<&""L&
M`04%!S !AAMH='1P.B\O;V-S<"YS=&%R='-S;"YC;VTO8V$P+08(*P8!!04'
M, *&(6AT=' Z+R]W=W<N<W1A<G1S<VPN8V]M+W-F<V-A+F-R=#!;!@-5'1\$
M5#!2,">@): CAB%H='1P.B\O=W=W+G-T87)T<W-L+F-O;2]S9G-C82YC<FPP
M)Z EH".&(6AT=' Z+R]C<FPN<W1A<G1S<VPN8V]M+W-F<V-A+F-R;#"!@ 8#
M51T@!'DP=S!U!@LK!@$$`8&U-P$"`3!F,"X&""L&`04%!P(!%B)H='1P.B\O
M=W=W+G-T87)T<W-L+F-O;2]P;VQI8WDN<&1F,#0&""L&`04%!P(!%BAH='1P
M.B\O=W=W+G-T87)T<W-L+F-O;2]I;G1E<FUE9&EA=&4N<&1F, T&"2J&2(;W
M#0$!!04``X("`0`ZJ2<-R-.T%I'O:930:<5,7'WW.YU*R$*21PW(O=0Q1NWU
M81T9#&=2?@2H.5#5,2!2=F?0?=#(G'/S5W+.Y#P479^EQCO[SW/.V.D?G%DO
M37/?GZ=Q)YK)O>#L3L"/<)_*IZ_^J-Y@^)Z#_2:8<%#TU\!Z+XVKT9X5$!RW
MZ/XMC1M%UX$QUTMEYM)%5*,UZJ6*0';IC(@?[WLX]4!T"0YE'3V#'*?JWH/?
M=-<Y,D]WPUOXKR5;^J5K9(>C\-LK64^YKX.V(5]U>=#;_.M'%==9J'%%7*@2
M[]('$_AP0V+6[KWL37[<#4"@^=?=P.\S>+QNPDV)%\<K4HRKEZZ1&K1(A3\5
MH&_.)U8]N4E.:OZ]5X<&\NIBX9&VE[)9%;<!%D]U6I^/:RHY2N%ZU"F&%K9W
M\ZNFDFI.;M%:<7=:V._;5H0]Q'0KSH3<_T*936OE9"+*W*>_O&83]9=6]E.C
M&L2%;7KE3 ]U]+\XB,*^X\6&GO168V\9:5'IJEXW`M$&A7S>ZB-";$# "R^X
MAD08.RM J#@<Q G0]W[F8I>9%/RS_7*]02M]5-%,NN=6Q9P###)*H0`H2&Y]
M'HN]E9VZ4K*ZTG1=`0!F$/+\AVGN6@H/A^^750E=]RNA;L6:W]/<D\_E<?SY
M'45&)%YF<_SDW\B5[%#E%Z\INBKR-JV*7'$I.3""!RLP@@83H ,"`0("`B.T
M, T&"2J&2(;W#0$!"P4`,(&,,0LP"08#500&$P))3#$6,!0&`U4$"A,-4W1A
M<G1#;VT@3'1D+C$K,"D&`U4$"Q,B4V5C=7)E($1I9VET86P@0V5R=&EF:6-A
M=&4@4VEG;FEN9S$X,#8&`U4$`Q,O4W1A<G1#;VT@0VQA<W,@,B!0<FEM87)Y
M($EN=&5R;65D:6%T92!#;&EE;G0@0T$P'A<-,3(P-S(Q,34S-3 W6A<-,30P
M-S(R,3@S-34P6C!R,0LP"08#500&$P)323$1, \&`U4$"!,(4VQO=F5N:6$Q
M$C 0!@-5! <3"4=R;W-U<&QJ93$8,!8&`U4$`Q,/4')I;6]Z($)R871A;FEC
M,2(P( 8)*H9(AO<-`0D!%A-P<FEM;WI <VQO+71E8V@N8V]M,((!(C -!@DJ
MADB&]PT!`0$%``."`0\`,((!"@*"`0$`S3":1.7S;@TIE<# ,3$,UWA18K#[
M%U%I>WOS=8GXP]#N>5!'"M\ITVN*4U0F)WJD)QO4Q>W+P"X#- +7RK+00I!"
MUKD[UZZB1:QC\<^#SAC@++*3$"IJ9!-1[:K4H46>U)?:YP<R,=H5P95H(=K=
M$9HK%L(P>2P:O/R"GFKM:0%AZQ_JFX3XR&>0ARA-I'.XD,4!FPZAGBT)I#H5
MGWXE.7BLME4V#G1!Z3><JV$R_+Z<GL%**^JIN4./(7^Z'GP&PZHC71A%$HJJ
M'-]P$ULTY;U>4)^YV/-&H8+R"OU@'*%$69D1J[0?>]1&"Z_%8]Y.4ZO%W1[O
M!$;BADA!6([^R0(#`0`!HX(#KC""`ZHP"08#51T3! (P`# +!@-5'0\$! ,"
M!+ P'08#51TE!!8P% 8(*P8!!04'`P(&""L&`04%!P,$,!T&`U4=#@06!!3E
MU6GS@[&*& X$C+5FVJ,`:?UPNS ?!@-5'2,$&# 6@!2N58-O[#'*N?<=^J]K
M,?/('>.LNS >!@-5'1$$%S 5@1-P<FEM;WI <VQO+71E8V@N8V]M,(("(08#
M51T@!(("&#""`A0P@@(0!@LK!@$$`8&U-P$"`C""`?\P+@8(*P8!!04'`@$6
M(FAT=' Z+R]W=W<N<W1A<G1S<VPN8V]M+W!O;&EC>2YP9&8P- 8(*P8!!04'
M`@$6*&AT=' Z+R]W=W<N<W1A<G1S<VPN8V]M+VEN=&5R;65D:6%T92YP9&8P
M@?<&""L&`04%!P(",('J,"<6(%-T87)T0V]M($-E<G1I9FEC871I;VX@075T
M:&]R:71Y, ,"`0$:@;Y4:&ES(&-E<G1I9FEC871E('=A<R!I<W-U960@86-C
M;W)D:6YG('1O('1H92!#;&%S<R R(%9A;&ED871I;VX@<F5Q=6ER96UE;G1S
M(&]F('1H92!3=&%R=$-O;2!#02!P;VQI8WDL(')E;&EA;F-E(&]N;'D@9F]R
M('1H92!I;G1E;F1E9"!P=7)P;W-E(&EN(&-O;7!L:6%N8V4@;V8@=&AE(')E
M;'EI;F<@<&%R='D@;V)L:6=A=&EO;G,N,(&<!@@K!@$%!0<"`C"!CS G%B!3
M=&%R=$-O;2!#97)T:69I8V%T:6]N($%U=&AO<FET>3 #`@$"&F1,:6%B:6QI
M='D@86YD('=A<G)A;G1I97,@87)E(&QI;6ET960A(%-E92!S96-T:6]N("),
M96=A;"!A;F0@3&EM:71A=&EO;G,B(&]F('1H92!3=&%R=$-O;2!#02!P;VQI
M8WDN,#8&`U4='P0O,"TP*Z IH">&)6AT=' Z+R]C<FPN<W1A<G1S<VPN8V]M
M+V-R='4R+6-R;"YC<FPP@8X&""L&`04%!P$!!(&!,'\P.08(*P8!!04', &&
M+6AT=' Z+R]O8W-P+G-T87)T<W-L+F-O;2]S=6(O8VQA<W,R+V-L:65N="]C
M83!"!@@K!@$%!0<P`H8V:'1T<#HO+V%I82YS=&%R='-S;"YC;VTO8V5R=',O
M<W5B+F-L87-S,BYC;&EE;G0N8V$N8W)T,",&`U4=$@0<,!J&&&AT=' Z+R]W
M=W<N<W1A<G1S<VPN8V]M+S -!@DJADB&]PT!`0L%``."`0$`LZRL-KU-'W>9
M?7;?7 ":&WWWW=G0^ 41E@.7I%TM5*(%U%Y';QX_%G&^&5=?5A8I!YU%E41P
M3\.]]#+@(O?0*YN<`1D0D_QD$.+YKMD91I0F\[2*M8>'R )>I(4KM; \$Q2(
M: P]YCU N4XLUSAOU8L,D$E:O72!K=]P&[XAP3BVRD$.75J59_[,/RGM+\RJ
M+?T7[<DFTWRJ42NKY#8/PF50[4^"E9+!J]/6IQQ>7A31)U@M,8>+MY!PB B2
MMKJ+PJRO6+=\;*Y_CF<M@.C%R$)%/IX'3;X;%*@6:11U1/SA@(L72@= GQ#T
MY2C=YVW+V-CJOVF .O_9J=N)D_+QGC""!\DP@@6QH ,"`0("`0$P#08)*H9(
MAO<-`0$%!0`P?3$+, D&`U4$!A,"24PQ%C 4!@-5! H3#5-T87)T0V]M($QT
M9"XQ*S I!@-5! L3(E-E8W5R92!$:6=I=&%L($-E<G1I9FEC871E(%-I9VYI
M;F<Q*3 G!@-5! ,3(%-T87)T0V]M($-E<G1I9FEC871I;VX@075T:&]R:71Y
M,!X7#3 V,#DQ-S$Y-#8S-EH7#3,V,#DQ-S$Y-#8S-EHP?3$+, D&`U4$!A,"
M24PQ%C 4!@-5! H3#5-T87)T0V]M($QT9"XQ*S I!@-5! L3(E-E8W5R92!$
M:6=I=&%L($-E<G1I9FEC871E(%-I9VYI;F<Q*3 G!@-5! ,3(%-T87)T0V]M
M($-E<G1I9FEC871I;VX@075T:&]R:71Y,(("(C -!@DJADB&]PT!`0$%``."
M`@\`,((""@*"`@$`P8C;";QL1GQXGY5[M3.0\G)BUL$V("(D7L[I=_)#"J(&
M9*3,CC;X..8C\&YML3S=<J.%'*'3/;0S*],OK_[JL$%99[;$!GT*GG2%UGE,
M@#=ZWSD%4EGW]!M&0Z32A872PW'S=6(TNBR*?QZ/[NTTT!''ELU2/;HSUMU-
MW@L[2DN?PB8O^K46''(U=\H\7>;*X2:+&C9V7 ';=!0E_NVUH(@/W7C*+1\'
MES !+7)Y^D;6$RJHN::K@TD=Y?+OW>0!CA@*CV-3%H5BJ0X9.LRU9J;":W0'
MY"OA=CZT;=CV1.%S8A\[Q+Z@4U8E;%$)]ZJKRK]V_6V;\YW;OSUFO Q6JJ^8
M2)4Z2]^G6%#9.'6I6^I## +_F>OH;$UP6REEG-VJ7<RO`3'L#.O2C>CJG'OF
M;O<G9@P:2-=N0N,_WB$^>^$-</MCJJAL&E2T7"5ZR:+)BQ:FNRQ^%UX%35AN
M$AT![A(0#<8R?QC__/3ZS6Z1Z#9)OAI(:8O"EDT:$K)I%\$*D-;Z>2)(O[I[
M:?APQ_IZ-]C8#=)V3U?_D+?CD=+=[\)@MV<ZW?ZJG/#4BW]R(L[&GY>V^*^*
MH!"HV?L8QK:U7%(\B;89*G,!"@\#LQ)@\GHO@=NC;O\F,)?UB]V)5[:M/;.O
M*\6W=@+PI=8KFH84*G+VXS.,70E+$]^[C'034DL"`P$``:."`E(P@@)., P&
M`U4=$P0%, ,!`?\P"P8#51T/! 0#`@&N,!T&`U4=#@06!!1."^\:I$!;I1=I
MAS#*-&A#T$&N\C!D!@-5'1\$73!;,"R@*J HAB9H='1P.B\O8V5R="YS=&%R
M=&-O;2YO<F<O<V9S8V$M8W)L+F-R;# KH"F@)X8E:'1T<#HO+V-R;"YS=&%R
M=&-O;2YO<F<O<V9S8V$M8W)L+F-R;#""`5T&`U4=( 2"`50P@@%0,((!3 8+
M*P8!! &!M3<!`0$P@@$[,"\&""L&`04%!P(!%B-H='1P.B\O8V5R="YS=&%R
M=&-O;2YO<F<O<&]L:6-Y+G!D9C U!@@K!@$%!0<"`18I:'1T<#HO+V-E<G0N
M<W1A<G1C;VTN;W)G+VEN=&5R;65D:6%T92YP9&8P@= &""L&`04%!P(",('#
M,"<6(%-T87)T($-O;6UE<F-I86P@*%-T87)T0V]M*2!,=&0N, ,"`0$:@9=,
M:6UI=&5D($QI86)I;&ET>2P@<F5A9"!T:&4@<V5C=&EO;B J3&5G86P@3&EM
M:71A=&EO;G,J(&]F('1H92!3=&%R=$-O;2!#97)T:69I8V%T:6]N($%U=&AO
M<FET>2!0;VQI8WD@879A:6QA8FQE(&%T(&AT=' Z+R]C97)T+G-T87)T8V]M
M+F]R9R]P;VQI8WDN<&1F,!$&"6"&2 &&^$(!`00$`P(`!S X!@E@AD@!AOA"
M`0T$*Q8I4W1A<G1#;VT@1G)E92!34TP@0V5R=&EF:6-A=&EO;B!!=71H;W)I
M='DP#08)*H9(AO<-`0$%!0`#@@(!`!9LF?1F##3UT(5>?0KLVA!..!Q>WZ8E
M!4N1,L'H._$]W40)6P=)BBG+9@*WL9KW)9@)/(X;X=TVARM+NVC3.68]H";'
M\CF1'5&K@GM^U<Y:Y.(#5W!IEPCY7EBF"M^,!II%%A8X"EY7]F+'>@(%YKP>
MM?*>]*DI@_BR%.-N*(=$PY :WCBI/*Q#361%SMTHJ5SR<WL$^!?HJ['S+EQD
M;G,Q.A*XO+,1Y'V/@5&:.XV)]$V39GL\`^W3FAV:\V50]:#0=9\OK_#J@D.8
M^&F<B7G$0XY&<N-D-A*O]R4>.(F0=W[#:VJYP\M$2ZQXD(OGQRP>2Q%$R#12
M)\T*79^%P8G5&GCRE1!3,MV A&9UV;5H*/MA+KZ$J#C F1*&I1YG9*T&+B^I
M<(7'E@]\B67UCD-4#JO=I8 YE&# -,F6<"RC$O4?2'N]''YKMYV0]"([KOC\
M*LKZ@E*@[Z]+59/KP;7P(HNL-$XF(@2AARQU2K?E?1/7N QDP#;2R2^&$HPC
M"<$;@CMS2:-J5X>4Y=9XQ9E#8^--X'<MX669<FD$&D<)Y@\!5B3['[\.>:E8
M+KG$"0%^E;IM``8^LNI*$#G8T"OUO^QUOY<"Q0D;"-Q5-^*!^S>$0V(@RN=6
M2V7J_FS!)),DH33K!?^:(JZ;?3_Q95$*IC!JL_2('( -_'**Z(->,8($2C""
M!$8"`0$P@9,P@8PQ"S )!@-5! 83`DE,,18P% 8#500*$PU3=&%R=$-O;2!,
M=&0N,2LP*08#500+$R)396-U<F4@1&EG:71A;"!#97)T:69I8V%T92!3:6=N
M:6YG,3@P-@8#500#$R]3=&%R=$-O;2!#;&%S<R R(%!R:6UA<GD@26YT97)M
M961I871E($-L:65N="!#00("([0P#08)8(9(`64#! (#!0"@@@*',!@&"2J&
M2(;W#0$)`S$+!@DJADB&]PT!!P$P' 8)*H9(AO<-`0D%,0\7#3$S,#(P-C$W
M,C0R.%HP3P8)*H9(AO<-`0D$,4($0/!Z1$>%O*64*^ V"8!%)3@X0J%%*9:6
M0N#@2=K/NJ0FW `(1#8JCT23I)S![%,V>@SG/#Y@Y3C.L%J\YL>+4^XP@:0&
M"2L&`00!@C<0!#&!EC"!DS"!C#$+, D&`U4$!A,"24PQ%C 4!@-5! H3#5-T
M87)T0V]M($QT9"XQ*S I!@-5! L3(E-E8W5R92!$:6=I=&%L($-E<G1I9FEC
M871E(%-I9VYI;F<Q.# V!@-5! ,3+U-T87)T0V]M($-L87-S(#(@4')I;6%R
M>2!);G1E<FUE9&EA=&4@0VQI96YT($-!`@(CM#"!I@8+*H9(AO<-`0D0`@LQ
M@9:@@9,P@8PQ"S )!@-5! 83`DE,,18P% 8#500*$PU3=&%R=$-O;2!,=&0N
M,2LP*08#500+$R)396-U<F4@1&EG:71A;"!#97)T:69I8V%T92!3:6=N:6YG
M,3@P-@8#500#$R]3=&%R=$-O;2!#;&%S<R R(%!R:6UA<GD@26YT97)M961I
M871E($-L:65N="!#00("([0P@:L&"2J&2(;W#0$)#S&!G3"!FC +!@E@AD@!
M90,$`2HP"P8)8(9(`64#! $6, H&""J&2(;W#0,', L&"6"&2 %E`P0!`C .
M!@@JADB&]PT#`@("`( P!P8%*PX#`@<P#08(*H9(AO<-`P("`4 P#08(*H9(
MAO<-`P("`2@P"P8)8(9(`64#! (#, L&"6"&2 %E`P0"`C +!@E@AD@!90,$
M`@$P!P8%*PX#`AHP#08)*H9(AO<-`0$!!0`$@@$`'PG3$]VF)449E;1<E&,^
MI? `_[:;]=,+)K*PG>X2MC<.%QJ->.V\TR-]+/S0BVH\4O.Q&PSK+@T80: Y
M@*+G_ZC4+"AW4(4XW&B'DR3,KW6::\8]6O!R8^"[T_X-W8]HY R%'!GKP HX
M.-=]3/@77"?7*WCN2+ 4G;=%T:17. <Y4WPEZIT5D !5Z1U\0F?T-VBE!L8]
M>13M?N<F8BA-9K<9K.(_"!*]"DSM1J>'CU)J.$O.Q7V&IC_HPO'9=-8)/V!F
M=7ZO"]7P'=HX!ZWZI"YOZ 8+>]@P"JD(3!6/OFP9=)1G[47H&KE_&RZ3)O(*
6"J:_I>"J[F-]']Y>)A"8^P``````````
`
end

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

RSA+DSA+ECC bundles

Primoz Bratanic February 06, 2013 12:26PM

Re: RSA+DSA+ECC bundles

christopherincanada March 08, 2013 05:16PM

Re: RSA+DSA+ECC bundles

mex March 09, 2013 04:05AM

[PATCH] Re: RSA+DSA+ECC bundles

Rob Stradling October 17, 2013 10:06AM

Re: [PATCH] Re: RSA+DSA+ECC bundles

Rob Stradling October 17, 2013 10:08AM

Re: [PATCH] Re: RSA+DSA+ECC bundles

Maxim Dounin October 17, 2013 11:20AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 195
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready