Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.

OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
author: Rob Stradling <rob@comodo.com> 2013-09-10 12:41:37 +0100
committer: Ben Laurie <ben@links.org> 2013-10-04 14:55:01 +0100
commit: cadbbd51c8b4e66515cd3e97754cfeda606c7b15 (patch)
tree: 165cd1176ebe93d514137a88d8db236cb2051f98 /ssl/ssl3.h
parent: ff7b021040807132b86720c5c95664c28d0cf342 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index b9a85effa0..4cc063821a 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -460,6 +460,16 @@ typedef struct ssl3_state_st
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	/* This is set to true if we believe that this is a version of Safari
+	 * running on OS X 10.6 or newer. We wish to know this because Safari
+	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+	char is_probably_safari;
+#endif	/* OPENSSL_NO_EC */
+#endif	/* OPENSSL_NO_TLSEXT */
+
 	} SSL3_STATE;
author	Rob Stradling <rob@comodo.com>	2013-09-10 12:41:37 +0100
committer	Ben Laurie <ben@links.org>	2013-10-04 14:55:01 +0100
commit	cadbbd51c8b4e66515cd3e97754cfeda606c7b15 (patch)
tree	165cd1176ebe93d514137a88d8db236cb2051f98 /ssl/ssl3.h
parent	ff7b021040807132b86720c5c95664c28d0cf342 (diff)