4 Replies Latest reply on Oct 2, 2017 1:17 PM by leif.widmayer_2227251

    TLS Support for both ECC and RSA Certificate/Key pair


      For a TLSv1.2 secured TCP server socket is there a way to support both ECC and RSA certificate/key pairs?

      We are required to support all the following ciphers:

      •                    TLS_RSA_WITH_3DES_EDE_CBC_SHA         

      •                    TLS_RSA_WITH_AES_128_CBC_SHA

      •                    TLS_RSA_WITH_AES_128_GCM_SHA256

      •                    TLS_RSA_WITH_AES_256_CBC_SHA

      •                    TLS_RSA_WITH_AES_256_GCM_SHA384

      •                    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

      •                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

      •                    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

      •                    TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256

      •                    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

      •                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

      •                    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

      •                    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

      •                    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384


      From my understanding TLS_ECDHE_ECDSA_xxxx ciphers will require a certificate signed by an ECC key, the others RSA.

      The structure wiced_tls_context_t can only be assigned one wiced_tls_identity_t pointer which holds the certificate/key pair.

      Currently have all ciphers except TLS_ECDHE_ECDSA_xxxx working on our platform:

      SDK 5.0, module ISM43362_M3G_L44.