Hello Mano,
On Mon, 3 Sep 2018 at 18:26, Emmanuel Hocdet wrote:
>
> Hi Lukas, Emeric
>
> This patch fix the issue. If you can check it.
I confirm the patch fixes the original test case and also works fine
in my Chrome on XP testbed (TLSv1.2, no ECC support).
As you mentioned for clients using <= TLSv1.1 we now prefer RSA over
ECC certificates. There is a small theoretical server side penalty for
increased CPU load due to RSA handshake for impacted clients, but I am
confident that this is neglectable. For the record this impacts
Android 4.[0-3], Java 7 and Internet Explorer 7-10 on Vista and 7
(current IE11 on Windows 7 bumps the schannel configuration to
TLSv1.2).
Thanks for taking care of this!
cheers,
lukas