[erlang-questions] TLS: signature algorithms extension

Roger Lipscombe roger@REDACTED
Mon Feb 15 17:45:20 CET 2016


Does Erlang support the signature algorithms extension in TLS 1.2
(https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1)?

Specifically, I've got two classes of client, one of which expects a
SHA1-signed certificate, and one of which expects a SHA256-signed
certificate.

It appears that 'certfile' can only be specified once, and -- in
testing -- it appears that the file can contain only one server
certificate.

Can we use Erlang SSL (via ranch, if it matters) to serve a different
certificate based on the signature algorithms extension sent by the
client (or, if absent, a default)?



More information about the erlang-questions mailing list