Hello Mano,
On Mon, 3 Sep 2018 at 18:26, Emmanuel Hocdet <[email protected]> wrote: > > Hi Lukas, Emeric > > This patch fix the issue. If you can check it. I confirm the patch fixes the original test case and also works fine in my Chrome on XP testbed (TLSv1.2, no ECC support). As you mentioned for clients using <= TLSv1.1 we now prefer RSA over ECC certificates. There is a small theoretical server side penalty for increased CPU load due to RSA handshake for impacted clients, but I am confident that this is neglectable. For the record this impacts Android 4.[0-3], Java 7 and Internet Explorer 7-10 on Vista and 7 (current IE11 on Windows 7 bumps the schannel configuration to TLSv1.2). Thanks for taking care of this! cheers, lukas
