On 14/06/13 14:31, Dr. Stephen Henson wrote:
>>>> The behavior change applies only if new option
>>>> SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of SSL_OP_ALL), as is standard
>>>> for interoperability bug workarounds, so while it is very unfortunate that
>>>> we'd need to do this, I'm in favor of accepting this patch.
>>>>
>>> Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
>>> libraries are updated to include the patch existing applications won't set it:
>>> they'd all need to be recompiled.
>>
>> Yep, but 0x400 is the only currently unallocated bit.
>
> A possible alternative is to reuse one of the existing *ancient* flags. Does
> anyone really care about compatibility with a bug in SSLeay 0.80 for example?

I'd wondered about that. If you're happy to reallocate one of the ancient flags, please do!

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
