On 14 June 2013 09:39, Rob Stradling <rob.stradl...@comodo.com> wrote: > On 13/06/13 17:39, Ben Laurie wrote: >> >> ...and don't intend to fix their broken ECDSA support in Safari. > > > Ben, you've got your wires a bit crossed there. > > The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to > 10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week). > > >> It is therefore suggested that I pull this patch: >> >> >> https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d >> >> What do people think? > > > The unfortunate reality is that significant numbers of OSX 10.8.x users > won't upgrade to 10.8.4 anytime soon, even though the upgrade is free and > easy to install.
Precisely my point - so how were my wires crossed? > No server administrator will want to deploy ECDHE-ECDSA if it means breaking > compatibility with even a small fraction of deployed browsers. Hence why > this patch is, unfortunately, necessary. What is _necessary_ is that Apple accept responsibility for their errors :-) Why are we chasing after them cleaning up their messes? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
