Description of feature:
ECDSA certificates are now available from several CAs (including Let's Encrypt). Please add support for configuring both RSA and ECDSA certificates to allow incoming connections to negotiate for the certificate type they support. See Apache, Nginx, and Postfix for examples.
Great!
Could anyone test whether this works with Prosody?
Should be something like this:
ssl = {
    certificate = 'certs/example.com.rsa.crt',
    key = 'certs/example.com.rsa.key',
    certificates = {
        {
            certificate = 'certs/example.com.ec.crt',
            key = 'certs/example.com.ec.key',
        },
    },
}
Changes
tags Status-Blocked Status-NeedInfo
Winfried
Does not work. Also tried like this:
ssl = {
    certificates = {
        {
            certificate = 'certs/example.com.ec.crt',
            key = 'certs/example.com.ec.key',
        },
        {
            certificate = 'certs/example.com.rsa.crt',
            key = 'certs/example.com.rsa.key',
        },
    },
}
It only finds the key in the highest level 'certificate' & 'key' statement.
Daniel Kenzelmann
Did you try with the git version of luasec?
It was just committed 13 days ago and there has not been a luasec release yet.
(should have clarified that in my comment, sorry)
Winfried
Yes I did (as a matter of fact, finding out how to get it on my server was most of the job).
Zash
Seems like the compat code I based the config in comment 5 on wasn't in the finally merged version. So it seems like what Winfried wrote in comment 6 is correct, and I even got that to work once I got LuaSec built from source and actually got it to use the built version.
So, now the question is what we do about this, and how it interacts with things like SNI.
Changes
tags Status-NeedInfo Status-Accepted
Winfried
Got it working with lua-sec 0.9, prosody 0.11.3 and the config as mentioned in comment 6.
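A way to check that a dual-certificate setup like the one reported working above really presents a different certificate depending on what the client offers. This is an added example, not code from the thread or from Prosody: a local `openssl s_server` with constructed throwaway certificates stands in for the server, and the port and file names are assumptions.

```shell
#!/bin/sh
# Added example: throwaway self-signed certs and a local `openssl s_server`
# stand in for a dual-certificate Prosody; PORT and file names are assumptions.
PORT=15443
WORK=$(mktemp -d)
trap 'kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

# Constructed test material: one RSA and one ECDSA (P-256) certificate.
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$WORK/rsa.key" -out "$WORK/rsa.crt" 2>/dev/null &&
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$WORK/ec.key" -out "$WORK/ec.crt" 2>/dev/null
}

# -cert/-key plus -dcert/-dkey load two chains into one TLS context,
# the same idea as listing two entries under `certificates`.
start_server() {
    openssl s_server -accept "$PORT" -www -quiet \
        -cert "$WORK/rsa.crt" -key "$WORK/rsa.key" \
        -dcert "$WORK/ec.crt" -dkey "$WORK/ec.key" >/dev/null 2>&1 &
    SERVER_PID=$!
    sleep 1   # give the listener time to bind
}

# Connect offering only the given signature algorithms and print the
# public key algorithm of the certificate the server chose to present.
served_key_type() {
    openssl s_client -connect "127.0.0.1:$PORT" -sigalgs "$1" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

make_certs && start_server
echo "ECDSA-only client is served: $(served_key_type 'ECDSA+SHA256')"
echo "RSA-only client is served:   $(served_key_type 'RSA-PSS+SHA256:RSA+SHA256')"
```

Against a live Prosody client port the same `s_client` probe additionally needs `-starttls xmpp`. If both probes report the same key type, only one of the configured certificates is being loaded.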
This most likely needs support in LuaSec first, see https://github.com/brunoos/luasec/issues/27
Issue with luasec was resolved with https://github.com/brunoos/luasec/pull/133