RSA+DSA+ECC bundles

Primoz Bratanic primoz at slo-tech.com
Wed Feb 6 17:24:28 UTC 2013


Hi,

Apache supports specifying multiple certificates (different types) for the same
host in line with OpenSSL support (RSA, DSA, ECC). This allows using ECC key
exchange methods with clients that support it and it's backwards compatible.
I wonder how much work it would be to add support for this to nginx. Is it
just allowing specifying 2-3 certificates (and checking they have different
key type) + adding support for returning proper key chain or are there any
other obvious roadblocks (that are not obvious to me)?

Thanks,

Primoz

