Support for parallel ECDSA / RSA certificates
|Reported by:||Owned by:|
I'd like to be able to deploy an ECDSA certificate alongside an RSA certificate, and have Nginx choose which certificate to serve based on the signature_algorithms extension in the handshake: https://tools.ietf.org/html/rfc5246#page-45.
ECDSA certificates are much smaller, and so allow faster handshake times on limited bandwidth. But they are not yet broadly supported. Allowing deployment of dual certificates on Nginx would help greatly with a gradual rollout of ECDSA certificates, which would in turn help client adoption and promote a faster Internet.