On 14 June 2013 09:39, Rob Stradling <rob.stradl...@comodo.com> wrote:
> On 13/06/13 17:39, Ben Laurie wrote:
>>
>> ...and don't intend to fix their broken ECDSA support in Safari.
>
>
> Ben, you've got your wires a bit crossed there.
>
> The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to
> 10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week).
>
>
>> It is therefore suggested that I pull this patch:
>>
>>
>> https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
>>
>> What do people think?
>
>
> The unfortunate reality is that significant numbers of OSX 10.8.x users
> won't upgrade to 10.8.4 anytime soon, even though the upgrade is free and
> easy to install.

Precisely my point - so how were my wires crossed?

> No server administrator will want to deploy ECDHE-ECDSA if it means breaking
> compatibility with even a small fraction of deployed browsers.  Hence why
> this patch is, unfortunately, necessary.

What is _necessary_ is that Apple accept responsibility for their errors :-)

Why are we chasing after them cleaning up their messes?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to