Simultaneous EC/RSA Certificates

Alan DeKok aland at deployingradius.com
Fri May 20 13:02:34 CEST 2016


On May 20, 2016, at 6:08 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> 
> NGINX has just added support for serving an ECDSA and an RSA certificate simultaneously, keyed off the cipher selected with ECDSA as the preferred option.
> 
> Obviously there's significant differences between HTTP and RADIUS, but could this be implemented in FreeRADIUS for EAP/RadSec?

  From a quick look at the nginx patch, it just allows for loading multiple certs.  Then (presumably), OpenSSL does the rest.

  That could be done in the server.  We'd have to update the configuration with the new syntax, but sure, it's possible.

  Alan DeKok.




More information about the Freeradius-Users mailing list