On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.

Ben, you've got your wires a bit crossed there.

The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to 10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week).

It is therefore suggested that I pull this patch:


What do people think?

The unfortunate reality is that significant numbers of OSX 10.8.x users won't upgrade to 10.8.4 anytime soon, even though the upgrade is free and easy to install.

No server administrator will want to deploy ECDHE-ECDSA if it means breaking compatibility with even a small fraction of deployed browsers. Hence why this patch is, unfortunately, necessary.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to