Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.

OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
author: Rob Stradling <rob@comodo.com> 2013-09-09 10:44:29 +0100
committer: Ben Laurie <ben@links.org> 2013-09-16 14:03:21 +0100
commit: 07df5018befd637a2a02ebd767969aa953200b3f (patch)
tree: 9a2d95619c872122ffca125fd9f98c85535293ff /ssl/ssl3.h
parent: 1b9a59c36a547443dbefb0faed6598b3a15719c9 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 171c76a73c..56416078ad 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -580,7 +580,15 @@ typedef struct ssl3_state_st
 	 * as the types were received in the client hello. */
 	unsigned short *tlsext_custom_types;
 	size_t tlsext_custom_types_count; /* how many tlsext_custom_types */
-#endif
+
+#ifndef OPENSSL_NO_EC
+	/* This is set to true if we believe that this is a version of Safari
+	 * running on OS X 10.6 or newer. We wish to know this because Safari
+	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+	char is_probably_safari;
+#endif /* OPENSSL_NO_EC */
+
+#endif /* OPENSSL_NO_TLSEXT */
 	} SSL3_STATE;
 
 #endif
author	Rob Stradling <rob@comodo.com>	2013-09-09 10:44:29 +0100
committer	Ben Laurie <ben@links.org>	2013-09-16 14:03:21 +0100
commit	07df5018befd637a2a02ebd767969aa953200b3f (patch)
tree	9a2d95619c872122ffca125fd9f98c85535293ff /ssl/ssl3.h
parent	1b9a59c36a547443dbefb0faed6598b3a15719c9 (diff)