On Tue, Dec 10, 2013 at 7:06 AM, Rob Stradling <rob.stradl...@comodo.com> wrote:
> On 09/12/13 23:34, Jeffrey Walton wrote:
>>
>> Reference:
>> http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
>> and
>> http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
>>
>> ...
>> If I can't wait for the patch in future stable releases (or don't want
>> to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
>> I use a cipher_list to work around this? For example, can I prefer RSA
>> and DSS ciphers over ECDSA:
>>
>> const char* const PREFERRED_CIPHERS =
>>
>> /* TLS 1.2 only */
>> "ECDHE-RSA-AES256-GCM-SHA384:"
>> "ECDHE-RSA-AES128-GCM-SHA256:"
>>
>> /* TLS 1.2 only */
>> "DHE-DSS-AES256-GCM-SHA384:"
>> "DHE-RSA-AES256-GCM-SHA384:"
>> "DHE-DSS-AES128-GCM-SHA256:"
>> "DHE-RSA-AES128-GCM-SHA256:"
>>
>> /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
>> "ECDHE-ECDSA-AES256-GCM-SHA384:"
>> "ECDHE-ECDSA-AES128-GCM-SHA256:"
>
>
> The broken versions of Safari/OSX don't support GCM (or DSS, I think), so
> enabling and even preferring ECDHE-ECDSA-AES256-GCM-SHA384 and
> ECDHE-ECDSA-AES128-GCM-SHA256 on your server shouldn't cause any problems.
>
> If you can't wait for the patch, or don't want to use it, here are two
> workarounds that I think should work...
>
> 1. Ensure that these 4 ciphers are all disabled on your server (since these
> are the only ciphers that are affected by the Safari/OSX bug):
> ECDHE-ECDSA-AES256-SHA
> ECDHE-ECDSA-AES128-SHA
> ECDHE-ECDSA-RC4-SHA
> ECDHE-ECDSA-DES-CBC3-SHA
>
> or
>
> 2. If you want to enable 1 or more of those 4 ECDHE-ECDSA ciphers, ensure
> that your server prefers at least 1 of the following ciphers (that
> Safari/OSX also offers) ahead of them:
> ECDH-RSA-AES128-SHA
> ECDH-RSA-AES256-SHA
> ECDH-RSA-RC4-SHA
> ECDH-RSA-DES-CBC3-SHA
> ECDHE-RSA-AES256-SHA
> ECDHE-RSA-AES128-SHA
> ECDHE-RSA-RC4-SHA
> ECDHE-RSA-DES-CBC3-SHA
> AES128-SHA
> RC4-SHA
> RC4-MD5
> AES256-SHA
> DES-CBC3-SHA
> DHE-RSA-AES128-SHA
> DHE-RSA-AES256-SHA
> EDH-RSA-DES-CBC3-SHA
>
> (Obviously you'll need 2 server certificates, one with an RSA key and one
> with an ECC key).
Perfect, thanks.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
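The two workarounds in the quoted reply can be checked mechanically against a server's cipher preference list. The following is an added example, not code from the thread or from OpenSSL: `safari_ecdsa_workaround` is a hypothetical helper, and it assumes the list holds explicit cipher names in preference order and that the server enforces its own order.

```c
#include <stdio.h>
#include <string.h>

/* The 4 ciphers the reply lists as affected by the Safari/OSX bug. */
static const char *const AFFECTED[] = {
    "ECDHE-ECDSA-AES256-SHA", "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-ECDSA-RC4-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", NULL };

/* The ciphers the reply lists as also offered by Safari/OSX. */
static const char *const ALSO_OFFERED[] = {
    "ECDH-RSA-AES128-SHA", "ECDH-RSA-AES256-SHA", "ECDH-RSA-RC4-SHA",
    "ECDH-RSA-DES-CBC3-SHA", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-RC4-SHA", "ECDHE-RSA-DES-CBC3-SHA", "AES128-SHA", "RC4-SHA",
    "RC4-MD5", "AES256-SHA", "DES-CBC3-SHA", "DHE-RSA-AES128-SHA",
    "DHE-RSA-AES256-SHA", "EDH-RSA-DES-CBC3-SHA", NULL };

/* Exact-match lookup of one colon-delimited token in a NULL-terminated set. */
static int in_set(const char *const *set, const char *name, size_t len)
{
    for (; *set; set++)
        if (strlen(*set) == len && memcmp(*set, name, len) == 0)
            return 1;
    return 0;
}

/* Hypothetical helper: `list` is explicit cipher names in server preference
 * order. Returns 1 if no affected cipher is enabled (workaround 1), 2 if an
 * also-offered cipher precedes the first affected one (workaround 2), else 0. */
int safari_ecdsa_workaround(const char *list)
{
    int offered_seen = 0;
    while (*list) {
        size_t len = strcspn(list, ":");
        if (in_set(AFFECTED, list, len))
            return offered_seen ? 2 : 0;
        if (in_set(ALSO_OFFERED, list, len))
            offered_seen = 1;
        list += len + (list[len] == ':');
    }
    return 1;
}

int main(void)
{
    /* Constructed list: a GCM suite first does not help, Safari lacks GCM. */
    const char *l = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA:AES128-SHA";
    printf("%d\n", safari_ecdsa_workaround(l));
    return 0;
}
```

A return value of 0 means one of the four affected ciphers is reachable before any cipher the broken clients also offer.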