US 10,893,031 B2
Dynamically serving digital certificates based on secure session properties
Nicholas Thomas Sullivan, San Francisco, CA (US); Lee Hahn Holloway, Santa Cruz, CA (US); Piotr Sikora, San Francisco, CA (US); Ryan Lackey, Seattle, WA (US); John Graham-Cumming, London (GB); Dane Orion Knecht, San Francisco, CA (US); Patrick Donahue, San Francisco, CA (US); and Zi Lin, San Francisco, CA (US)
Assigned to CLOUDFLARE, INC., San Francisco, CA (US)
Filed by CLOUDFLARE, INC., San Francisco, CA (US)
Filed on May 24, 2019, as Appl. No. 16/422,947.
Application 16/422,947 is a continuation of application No. 14/964,491, filed on Dec. 9, 2015, granted, now 10,305,871.
Prior Publication US 2019/0281032 A1, Sep. 12, 2019
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/32 (2006.01); G06F 21/33 (2013.01)
CPC H04L 63/061 (2013.01) [G06F 21/33 (2013.01); H04L 9/3247 (2013.01); H04L 9/3263 (2013.01); H04L 63/205 (2013.01)]
21 Claims
 
1. A method in a server, comprising:
receiving a first request from a first client network application executing on a first client device that initiates a first handshake procedure to establish a first secure session;
analyzing the first request to determine a first set of one or more properties of the first request, wherein the determined first set of one or more properties specifies that the first client network application supports:
an Elliptic Curve Digital Signature Algorithm (ECDSA) with a first cryptographic hash algorithm, and
a Rivest-Shamir-Adleman (RSA) signature algorithm with a second cryptographic hash algorithm;
selecting, from a plurality of certificates for a hostname for the server that includes a first certificate that is signed using ECDSA with the first cryptographic hash algorithm and a second certificate that is signed using RSA with the second cryptographic hash algorithm, the first certificate based at least in part on the determined first set of one or more properties of the first request; and
returning the selected first certificate to the first client network application.
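The analyze-and-select steps of claim 1, sketched as an added example (not code from the patent or from Cloudflare). It assumes the request properties are read from the TLS 1.2 `signature_algorithms` ClientHello extension and that the server prefers ECDSA over RSA; the function names, certificate labels and sample extension bytes are constructed for illustration.

```python
import struct

# TLS 1.2 SignatureAndHashAlgorithm code points (RFC 5246): hash byte, then signature byte.
HASHES = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 3: "ecdsa"}

def parse_signature_algorithms(ext_body):
    """Decode a signature_algorithms extension body into (signature, hash) pairs."""
    if len(ext_body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (list_len,) = struct.unpack("!H", ext_body[:2])
    if list_len == 0 or list_len % 2 or list_len != len(ext_body) - 2:
        raise ValueError("inconsistent signature_algorithms length")
    pairs = []
    for i in range(2, len(ext_body), 2):
        h, s = ext_body[i], ext_body[i + 1]
        if h in HASHES and s in SIGS:  # ignore code points this sketch does not know
            pairs.append((SIGS[s], HASHES[h]))
    return pairs

def select_certificate(client_pairs, inventory, preference=("ecdsa", "rsa")):
    """Return the first certificate, in server preference order, whose
    (signature, hash) pair the client advertised; None if nothing matches."""
    offered = set(client_pairs)
    for sig in preference:
        for cert in inventory:
            if cert["sig"] == sig and (cert["sig"], cert["hash"]) in offered:
                return cert["label"]
    return None

# Constructed inventory for one hostname: two certificates, different signature algorithms.
INVENTORY = [
    {"label": "example-rsa-sha256", "sig": "rsa", "hash": "sha256"},
    {"label": "example-ecdsa-sha256", "sig": "ecdsa", "hash": "sha256"},
]

# Constructed extension bodies (not captured traffic).
BOTH = bytes.fromhex("0006040304010503")   # ecdsa+sha256, rsa+sha256, ecdsa+sha384
RSA_ONLY = bytes.fromhex("000404010501")   # rsa+sha256, rsa+sha384
SHA1_ONLY = bytes.fromhex("00020201")      # rsa+sha1

if __name__ == "__main__":
    for name, body in (("both", BOTH), ("rsa-only", RSA_ONLY), ("sha1-only", SHA1_ONLY)):
        print(name, "->", select_certificate(parse_signature_algorithms(body), INVENTORY))
```

A `None` result means no certificate in the inventory matches what the client advertised; the caller decides whether to serve a default certificate or fail the handshake.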