Re: Apple are, apparently, dicks...

2013-06-18 Thread Rob Stradling
On 14/06/13 14:16, Ben Laurie wrote: On 14 June 2013 14:08, Rob Stradling rob.stradl...@comodo.com wrote: snip Apparently the ECDHE-ECDSA bug is in SecureTransport, which is an integral component of OSX.

Re: Apple are, apparently, dicks...

2013-06-15 Thread Rob Stradling
On 14/06/13 15:25, Florian Weimer wrote: On 06/14/2013 03:31 PM, Dr. Stephen Henson wrote: Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared libraries are updated to include the patch existing applications won't set it: they'd all need to be recompiled. That's a valid

Re: Apple are, apparently, dicks...

2013-06-14 Thread Bodo Moeller
On Thu, Jun 13, 2013 at 6:39 PM, Ben Laurie b...@links.org wrote: It is therefore suggested that I pull this patch: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d The behavior change applies only if new option SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 13/06/13 17:39, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. Ben, you've got your wires a bit crossed there. The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to 10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week). It

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote: On 13/06/13 17:39, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. Ben, you've got your wires a bit crossed there. The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 14/06/13 10:20, Ben Laurie wrote: On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote: On 13/06/13 17:39, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. Ben, you've got your wires a bit crossed there. The ECDHE-ECDSA ciphersuites are

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote: On 14/06/13 10:20, Ben Laurie wrote: On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote: On 13/06/13 17:39, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. Ben,

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 14/06/13 12:31, Ben Laurie wrote: On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote: snip Ah, so you're criticizing Apple for not being willing to force all OSX 10.8.x users to update to 10.8.4. No. If OSX 10.8.x has a mechanism that allows Apple to force updates to be

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote: On 14/06/13 12:31, Ben Laurie wrote: On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote: snip Ah, so you're criticizing Apple for not being willing to force all OSX 10.8.x users to update to 10.8.4.

Re: Apple are, apparently, dicks...

2013-06-14 Thread The Doctor
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. It is therefore suggested that I pull this patch: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d What do people think? No keep the

Re: Apple are, apparently, dicks...

2013-06-14 Thread Dr. Stephen Henson
On Fri, Jun 14, 2013, Bodo Moeller wrote: On Thu, Jun 13, 2013 at 6:39 PM, Ben Laurie b...@links.org wrote: It is therefore suggested that I pull this patch: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d The behavior change applies only if new

Re: Apple are, apparently, dicks...

2013-06-14 Thread Florian Weimer
On 06/14/2013 03:31 PM, Dr. Stephen Henson wrote: Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared libraries are updated to include the patch existing applications won't set it: they'd all need to be recompiled. That's a valid point. Possible alternative is to reuse

Re: Apple are, apparently, dicks...

2013-06-14 Thread Bodo Moeller
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared libraries are updated to include the patch existing applications won't set it: they'd all need to be recompiled. That's a valid point. This is true, unfortunately. Possible alternative is to reuse one of the

RE: Apple are, apparently, dicks...

2013-06-14 Thread Salz, Rich
> Hm, without any SSL_OP_... settings, the expectation generally is that we kind of sort of follow the specs and don't do any weird stuff like this for interoperability's sake. If we switch semantics around for certain options, the resulting inconsistencies would make all that even

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 14/06/13 13:58, Ben Laurie wrote: On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote: snip Safari's User-Agent string reveals the OSX version that it is running on. A few weeks ago I analyzed some webserver logs to get an idea of historical OSX update rates. Based on that

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 13:54, The Doctor doc...@doctor.nl2k.ab.ca wrote: On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. It is therefore suggested that I pull this patch:

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 14:08, Rob Stradling rob.stradl...@comodo.com wrote: On 14/06/13 13:58, Ben Laurie wrote: On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote: snip Safari's User-Agent string reveals the OSX version that it is running on. A few weeks ago I analyzed some

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 14/06/13 13:54, The Doctor wrote: On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote: ...and don't intend to fix their broken ECDSA support in Safari. It is therefore suggested that I pull this patch: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d

Re: Apple are, apparently, dicks...

2013-06-14 Thread Rob Stradling
On 14/06/13 14:31, Dr. Stephen Henson wrote: snip The behavior change applies only if new option SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of SSL_OP_ALL), as is standard for interoperability bug workarounds, so while it is very unfortunate that we'd need to do this, I'm in favor of accepting

Re: Apple are, apparently, dicks...

2013-06-14 Thread Ben Laurie
On 14 June 2013 16:10, Bodo Moeller bmoel...@acm.org wrote: Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared libraries are updated to include the patch existing applications won't set it: they'd all need to be recompiled. That's a valid point. This is true,