OT: OpenSSL 1.0.1f

Rob Stradling rob.stradling at comodo.com
Mon Jan 6 21:02:36 UTC 2014


On 06/01/14 20:40, Jeffrey Walton wrote:
<snip>
> There's also an Apple SecureTransport bug workaround. Apple's
> SecrureTransport does not properly negotiate ECDHE-ECDSA cipher
> suites. It affects Mac OS X and could affect iOS. It might be prudent
> to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.
> http://www.mail-archive.com/openssl-dev@openssl.org/msg32629.html.

Nginx doesn't yet support multiple server certs per site (e.g. 1 RSA 
cert and 1 ECC cert), so SSL_OP_SAFARI_ECDHE_ECDSA_BUG isn't yet useful.

(I was working on a patch for multiple server certs a few months ago; I 
hope to find time to complete this very soon).

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online



More information about the nginx mailing list