Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.

OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
author: Rob Stradling <rob@comodo.com> 2013-09-09 12:52:41 +0100
committer: Ben Laurie <ben@links.org> 2013-09-16 15:07:51 +0100
commit: 4b61f6d2a675fdb57dc93991e7b332a745b44d1f (patch)
tree: 36c5a9fc29cc57f233b9bd40c4a6fd5f9c85cd74 /ssl/ssl3.h
parent: d5bff72615bfda7ae4e7a9d7200aae60c45032cf (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 247e88c2d6..208b39243e 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
 	/* Set if we saw the Next Protocol Negotiation extension from our peer. */
 	int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	/* This is set to true if we believe that this is a version of Safari
+	 * running on OS X 10.6 or newer. We wish to know this because Safari
+	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+	char is_probably_safari;
+#endif	/* OPENSSL_NO_EC */
+#endif	/* OPENSSL_NO_TLSEXT */
 	} SSL3_STATE;
 
 #endif
author	Rob Stradling <rob@comodo.com>	2013-09-09 12:52:41 +0100
committer	Ben Laurie <ben@links.org>	2013-09-16 15:07:51 +0100
commit	4b61f6d2a675fdb57dc93991e7b332a745b44d1f (patch)
tree	36c5a9fc29cc57f233b9bd40c4a6fd5f9c85cd74 /ssl/ssl3.h
parent	d5bff72615bfda7ae4e7a9d7200aae60c45032cf (diff)