Yes, this is a fully supported scenario. You can even test it with the openssl s_server command - use -cert, - key, and -cert_chain for the first certificate and -dcert, -dkey, and - dcert_chain with the second one. Tomas Mraz On Fri, 2022-03-11 at 13:19 +0000, Kris Kwiatkowski wrote: > Hello, > > On my server, I would like to support 2 certificate chains. One > chain > would be signed with RSA and the other with EdDSA (so 2 complatelly > different > chains with 2 root certificates). Then, let say, new clients that > support > EdDSA will choose to use it, otherwise I'll serve RSA for everybody > else. > > I think a protocol can support such setup (only interested in > TLSv1.3), but > is that feature implementated by OpenSSL? > > Kind regards, > Kris > > -- Tomáš Mráz, OpenSSL
