What will be the behaviour if chosen cipher suite is ECDSA but the chosen client certificate is RSA

Question

In case of TLS1.1 and TLS 1.0, what will be the behavior in the following scenario ?

Suppose the server and client both are capable of handling RSA and ECDSA, the client sends a list of cipher suites and server chooses ECDSA for authentication. Then the server requests for client certificate. The client has both RSA and ECDSA certificates for client authentication. If the client chooses an RSA certificate now. What will happen in this case.

score 2 · Accepted Answer · answered Nov 08 '13 at 07:26

2

The client has to supply a certificate that matches the server-specified certificate type and accepted issuers. "The certificate type must be appropriate for the selected cipher suite's key exchange algorithm". RFC 2246.

answered Nov 08 '13 at 07:26

user207421

305,947
44
307
483

Does this mean that a server should only support only one type of key ? – Buzz LIghtyear Nov 08 '13 at 07:29
Can a server not support multiple CAs who issue certificate for different type of keys ? – Buzz LIghtyear Nov 08 '13 at 07:30
(1) No. (2) Your second question is hard to answer unambiguously due to the 'not' but the answer is implied by (1). – user207421 Nov 09 '13 at 22:18

What will be the behaviour if chosen cipher suite is ECDSA but the chosen client certificate is RSA

1 Answers1