[erlang-questions] TLS: signature algorithms extension
Andreas Schultz
aschultz@REDACTED
Tue Feb 16 08:55:11 CET 2016
Hi,
----- Original Message -----
> From: "Roger Lipscombe" <roger@REDACTED>
> To: erlang-questions@REDACTED
> Sent: Monday, February 15, 2016 5:45:20 PM
> Subject: [erlang-questions] TLS: signature algorithms extension
> Does Erlang support the signature algorithms extension in TLS 1.2
> (https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1)?
Yes, and it does announce (as client) all the hash and signature
algorithms that it supports.
> Specifically, I've got two classes of client, one of which expects a
> SHA1-signed certificate, and one of which expects a SHA256-signed
> certificate.
>
> It appears that 'certfile' can only be specified once, and -- in
> testing -- it appears that the file can contain only one server
> certificate.
>
> Can we use Erlang SSL (via ranch, if it matters) to serve a different
> certificate based on the signature algorithms extension sent by the
> client (or, if absent, a default)?
The certificate to use is initialized before the handshake. So there
is no support for selecting different certificates from a list of
candidates.
Andreas
More information about the erlang-questions
mailing list