Rob Stradling
January 07, 2014 05:00AM
On 06/01/14 21:02, Rob Stradling wrote:
> On 06/01/14 20:40, Jeffrey Walton wrote:
> <snip>
>> There's also an Apple SecureTransport bug workaround. Apple's
>> SecrureTransport does not properly negotiate ECDHE-ECDSA cipher
>> suites. It affects Mac OS X and could affect iOS. It might be prudent
>> to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG by default.
>> http://www.mail-archive.com/openssl-dev@openssl.org/msg32629.html.
>
> Nginx doesn't yet support multiple server certs per site (e.g. 1 RSA
> cert and 1 ECC cert), so SSL_OP_SAFARI_ECDHE_ECDSA_BUG isn't yet useful.

Actually I suppose that's not strictly true. Setting
SSL_OP_SAFARI_ECDHE_ECDSA_BUG would be useful today on any Nginx server
with an ECC cert and both ECDHE-ECDSA cipher(s) and ECDH-ECDSA cipher(s)
enabled. (I don't suppose there are many such servers!)

> (I was working on a patch for multiple server certs a few months ago; I
> hope to find time to complete this very soon).

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

OT: OpenSSL 1.0.1f

Jeffrey Walton January 06, 2014 03:42PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 06, 2014 04:04PM

Re: OT: OpenSSL 1.0.1f

Rob Stradling January 07, 2014 05:00AM

RE: OT: OpenSSL 1.0.1f

Lukas Tribus January 06, 2014 05:06PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:38PM

Re: OT: OpenSSL 1.0.1f

coderman January 07, 2014 12:42PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 07, 2014 02:43PM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 08, 2014 05:08AM

Re: OT: OpenSSL 1.0.1f

Aidan Scheller January 09, 2014 12:18AM

Re: OT: OpenSSL 1.0.1f

itpp2012 January 09, 2014 03:51AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 199
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready