>> I've a server application and need to support RSA and ECC
>> clients at the same time.
>
> Configure the server's SSL_CTX with both certificate chains and
> the private keys for the two entity certificates, and for older
> TLS versions the server will select the appropriate chain based
> on the cipher-suite list in the ClientHello.

Side tracking slightly, I have only ECC certificates on my web, mail and FTP servers, and SSL Labs says the only browser that cannot connect to them is Chrome 49 on Windows XP SP3. Is there another reason I should be duplicating all my ECC certificates with RSA versions?

I do see a lot of SSL connection errors in my logs, but assume these are mostly hackers or trackers with software not able to support TLS/1.2, usually with a blank SNI and ALPN and often no extensions in the client hello. One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data' so got unsupported protocol.

error:0A000102:SSL routines::unsupported protocol
error:0A000418:SSL routines::tlsv1 alert unknown ca
error:0A0000C1:SSL routines::no shared cipher
error:0A00006C:SSL routines::bad key share
error:0A000413:SSL routines::sslv3 alert unsupported certificate

Also lots of unexpected closes during handshake, and HTTP requests with no handshake.

Angus
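The error lines quoted above carry enough information to answer part of the question without an RSA chain at all, because the packed OpenSSL 3 code says at which point of the handshake each connection died. The following is an added example, not code from this thread or from OpenSSL: it assumes the OpenSSL 3 error-code layout (library number in bits 23..30, reason in the low 23 bits, reasons of 1000 and above being TLS alerts received from the peer, alert number = reason - 1000), uses the five codes from the mail as constructed sample log lines, and the DIAGNOSIS texts are this example's own labels.

```python
import re
from collections import Counter

# OpenSSL 3 error-code layout (assumed here, as in crypto/err/err.h):
# library number in bits 23..30, reason code in bits 0..22.
ERR_LIB_OFFSET = 23
ERR_LIB_MASK = 0xFF
ERR_REASON_MASK = 0x7FFFFF
ERR_LIB_SSL = 20             # printed as "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reasons >= 1000 are TLS alerts received from the peer

# Reason names: the subset of OpenSSL's SSL reason codes that appears in the mail.
SSL_REASONS = {108: "bad key share", 193: "no shared cipher", 258: "unsupported protocol"}
# TLS alert descriptions (RFC 8446, section 6).
TLS_ALERTS = {43: "unsupported_certificate", 48: "unknown_ca"}

# Where each failure is decided and whether a second, RSA, chain could change it.
# These labels are this example's own, not OpenSSL text.
DIAGNOSIS = {
    "unsupported protocol": "ClientHello rejected: no TLS version in common; the certificate is never consulted",
    "bad key share": "ClientHello key_share rejected (malformed or a group we do not accept); certificate never consulted",
    "no shared cipher": "ambiguous: no common cipher suite, or (TLS 1.2) the client offered only RSA-authenticated suites and the server holds only an ECDSA certificate",
    "unknown_ca": "client rejected our chain because it does not trust the issuer; key type is irrelevant",
    "unsupported_certificate": "client rejected the certificate itself; an ECDSA certificate the client cannot use is one cause",
}

LOG_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode(code: int) -> dict:
    """Split a packed OpenSSL 3 error code into library, reason and a readable name."""
    lib = (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK
    reason = code & ERR_REASON_MASK
    if lib != ERR_LIB_SSL:
        return {"lib": lib, "reason": reason, "kind": "non-ssl", "name": None}
    if reason >= SSL_AD_REASON_OFFSET:
        # The peer sent a fatal alert; the reason encodes the alert number.
        alert = reason - SSL_AD_REASON_OFFSET
        return {"lib": lib, "reason": reason, "kind": "peer alert", "alert": alert,
                "name": TLS_ALERTS.get(alert, f"alert {alert}")}
    # Failure raised locally while processing the client's messages.
    return {"lib": lib, "reason": reason, "kind": "local",
            "name": SSL_REASONS.get(reason, f"reason {reason}")}


def triage(lines):
    """Count decoded reasons over log lines and attach the diagnosis for each."""
    counts = Counter()
    notes = {}
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an OpenSSL error line
        info = decode(int(m.group(1), 16))
        counts[info["name"]] += 1
        notes[info["name"]] = DIAGNOSIS.get(info["name"], "no diagnosis for this code")
    return counts, notes


# Constructed sample log lines built from the five codes quoted in the mail.
SAMPLE_LOG = [
    "error:0A000102:SSL routines::unsupported protocol",
    "error:0A000418:SSL routines::tlsv1 alert unknown ca",
    "error:0A0000C1:SSL routines::no shared cipher",
    "error:0A00006C:SSL routines::bad key share",
    "error:0A000413:SSL routines::sslv3 alert unsupported certificate",
    "error:0A000102:SSL routines::unsupported protocol",
]

if __name__ == "__main__":
    counts, notes = triage(SAMPLE_LOG)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name:24s} {notes[name]}")
```

Run against a real log, only the "peer alert" rows and the ambiguous "no shared cipher" row are candidates that an additional RSA chain could affect; "unsupported protocol" and "bad key share" are decided while parsing the ClientHello, before any certificate is chosen, so they cannot be fixed by certificate changes. For the "no shared cipher" case, the ClientHello cipher list (or `openssl s_client -cipher` tests from a known client) is what tells the two causes apart.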