Welcome! Log In Create A New Profile

Re: OT: OpenSSL 1.0.1f

Forum List Message List New Topic Print View

Rob Stradling

January 06, 2014 04:04PM

On 06/01/14 20:40, Jeffrey Walton wrote:
<snip>
> There's also an Apple SecureTransport bug workaround. Apple's
> SecrureTransport does not properly negotiate ECDHE-ECDSA cipher
> suites. It affects Mac OS X and could affect iOS. It might be prudent
> to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.
> http://www.mail-archive.com/openssl-dev@openssl.org/msg32629.html.

Nginx doesn't yet support multiple server certs per site (e.g. 1 RSA
cert and 1 ECC cert), so SSL_OP_SAFARI_ECDHE_ECDSA_BUG isn't yet useful.

(I was working on a patch for multiple server certs a few months ago; I
hope to find time to complete this very soon).

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
OT: OpenSSL 1.0.1f	Jeffrey Walton	January 06, 2014 03:42PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 06, 2014 04:04PM
Re: OT: OpenSSL 1.0.1f	Rob Stradling	January 07, 2014 05:00AM
RE: OT: OpenSSL 1.0.1f	Lukas Tribus	January 06, 2014 05:06PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:38PM
Re: OT: OpenSSL 1.0.1f	coderman	January 07, 2014 12:42PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 07, 2014 02:43PM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 08, 2014 05:08AM
Re: OT: OpenSSL 1.0.1f	Aidan Scheller	January 09, 2014 12:18AM
Re: OT: OpenSSL 1.0.1f	itpp2012	January 09, 2014 03:51AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 313

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018