ECC - RSA certificates in MTLS handshake Q

Question

In our MTLS handshake, we have a client certificate issued using ECC and server certificate issued using RSA. We are seeing handshake errors at algorithm check since server does not have ecdsa algorithms, should client and server certificate be of same type (RSA or ECC ) for handshake to work or is there a way to add ecdsa algorithms on server side without changing RSA server certificate ?

First to be clear, do you mean the certs _contain_ ECC and RSA keys, or are _signed by_ CA keys of those types? I would interpret 'issued using' as the latter, but the former is more important to TLS -- although the types of keys used to sign all certs in each chain can matter. The server and client certificates don't have to contain the same type key as long as (1) each cert is a type supported by the opposite endpoint aka peer and (2) for protocols through 1.2 only, the server cert is compatible with at least one ciphersuite offered by the client and acceptable to the server. — dave_thompson_085, Oct 03 '21 at 03:22
For us to help, you must be specific about what software you are using at both ends, how it is configured, and exactly what error you are getting and where. The key types and possibly other characteristics (e.g. size) for all certs in the chain _may_ be relevant, as may be the _signature_ types not just the key types -- in particular RSA keys can be used for traditional PKCSv1.5 signatures _or_ for RSA-PSS signatures, and in 1.3 the latter are usually preferred while in lower protocols the former is often required. — dave_thompson_085, Oct 03 '21 at 03:25

score 0 · Answer 1 · answered Oct 03 '21 at 02:21

0

During negotiation, the client sends a hello message. It contains the cipher suites the client supports. After receiving the hello message, the server replies hello message which contains the chosen cipher suite. This is the negotiation phase. In your case, the negotiation will fail and cause a failure that the cipher suite algorithm used by the client is not supported by the server.

answered Oct 03 '21 at 02:21

asitdhal

621
2
7
15

1

This is true but not relevant to this Q, because the ciphersuite is completely independent of and never affects or is affected by the client certificate. (In TLS 1.3 it is also indepdent of the _server_ certificate, but that was not true in earlier protocols.) – dave_thompson_085 Oct 03 '21 at 03:15

ECC - RSA certificates in MTLS handshake Q

1 Answers1