Skip to content
Snippets Groups Projects
Commit 8f3f414d authored by Alexander Traud's avatar Alexander Traud
Browse files

tcptls: Enable multiple TLS certificate chains (RSA+ECC+DSA) for server socket. 

When a client connects to a server via SSL/TLS, the server commonly utilizes an
RSA key-pair. However, other such algorithms exist (i.e. DSA and ECDSA), and if
the server socket is configured with a certificate for either one of those, it
would lose its compatibility with RSA-only clients.

Now, the server socket can be configured with up to one RSA, ECDSA and DSA key
each. For example, if a client is not compatible with SHA-2 hashed certificates
like Nokia mobile phones, the server socket still can use RSA/SHA-1 for legacy
clients and ECDSA/SHA-2 for everyone else.

ASTERISK-24815 #close
Reported by: Alexander Traud
patches:
  tls_rsa_ecc_dsa.patch uploaded by Alexander Traud (License 6520)

Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
parent 32eb812b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment