On Thu, May 01, 2014 at 02:45:19PM +0200, Hanno Böck wrote:
> On Thu, 1 May 2014 14:29:44 +0200
> Kurt Roeckx <k...@roeckx.be> wrote:
> 
> > On Thu, May 01, 2014 at 01:35:19PM +0200, Hanno Böck wrote:
> > > 
> > > Maybe this should teach us a lesson: Adding more and more
> > > Workarounds for broken stuff isn't the way to go forward. The way
> > > to go forward is to fix broken stuff.
> > 
> > The problem isn't always to fix the broken stuff but usually to get
> > people to upgrade to the fixed version.  People are scared of
> > changes.
> 
> I'm well aware of that, but I think there is another option.
> If browsers (or other kind of tls using software) would display a
> warning "your stuff is broken, it will no longer work with our next
> version if you don't install updates on your whatever hw, tell your
> admin NOW", I'm pretty sure those people would update their stuff.
> 
> Certainly better than inventing yet another "workaround for broken
> stuff"-tls-extensions (because we all should know by now: too many tls
> extensions make the protocol too complex and can hurt).

I'm just backporting the Safari detection to not do ECDSA since we
plan to enable ECDHE in Debian stable and it seems there are still
a significant enough amount of users using the broken version.


Kurt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
