diff options
author | Rob Stradling <rob@comodo.com> | 2013-09-09 10:44:29 +0100 |
---|---|---|
committer | Ben Laurie <ben@links.org> | 2013-09-16 14:03:21 +0100 |
commit | 07df5018befd637a2a02ebd767969aa953200b3f (patch) | |
tree | 9a2d95619c872122ffca125fd9f98c85535293ff /ssl/ssl3.h | |
parent | 1b9a59c36a547443dbefb0faed6598b3a15719c9 (diff) |
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
Diffstat (limited to 'ssl/ssl3.h')
-rw-r--r-- | ssl/ssl3.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 171c76a73c..56416078ad 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -580,7 +580,15 @@ typedef struct ssl3_state_st * as the types were received in the client hello. */ unsigned short *tlsext_custom_types; size_t tlsext_custom_types_count; /* how many tlsext_custom_types */ -#endif + +#ifndef OPENSSL_NO_EC + /* This is set to true if we believe that this is a version of Safari + * running on OS X 10.6 or newer. We wish to know this because Safari + * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ + char is_probably_safari; +#endif /* OPENSSL_NO_EC */ + +#endif /* OPENSSL_NO_TLSEXT */ } SSL3_STATE; #endif |