On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben, you've got your wires a bit crossed there.
The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to
10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week).
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
What do people think?
The unfortunate reality is that significant numbers of OSX 10.8.x users
won't upgrade to 10.8.4 anytime soon, even though the upgrade is free
and easy to install.
No server administrator will want to deploy ECDHE-ECDSA if it means
breaking compatibility with even a small fraction of deployed browsers.
Hence why this patch is, unfortunately, necessary.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
