diff options
author | Rob Stradling <rob@comodo.com> | 2013-09-10 12:41:37 +0100 |
---|---|---|
committer | Ben Laurie <ben@links.org> | 2013-10-04 14:55:01 +0100 |
commit | cadbbd51c8b4e66515cd3e97754cfeda606c7b15 (patch) | |
tree | 165cd1176ebe93d514137a88d8db236cb2051f98 /ssl/ssl3.h | |
parent | ff7b021040807132b86720c5c95664c28d0cf342 (diff) |
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Diffstat (limited to 'ssl/ssl3.h')
-rw-r--r-- | ssl/ssl3.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h index b9a85effa0..4cc063821a 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -460,6 +460,16 @@ typedef struct ssl3_state_st unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; unsigned char previous_server_finished_len; int send_connection_binding; /* TODOEKR */ + +#ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_TLSEXT */ + } SSL3_STATE; |