Questions on SSL_OP_SAFARI_ECDHE_ECDSA_BUG

> Reference: http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
> and http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
>
> BL > ...and don't intend to fix their broken ECDSA support in Safari.
> Apple really needs to fix their engineering process and broken
> implementation. (And hire some QA personnel while they are at it...
> This is something their lawyers can't fix with a change to their
> license agreements).
>
> Will the patch be applied to 0.9.8 and 1.0.1 branches?

> If I can't wait for the patch in future stable releases (or don't want
> to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
> I use a cipher_list to work around this? For example, can I prefer RSA
> and DSS ciphers over ECDSA:
>
>    const char* const PREFERRED_CIPHERS =
>
>      /* TLS 1.2 only */
>      "ECDHE-RSA-AES256-GCM-SHA384:"
>      "ECDHE-RSA-AES128-GCM-SHA256:"
>
>      /* TLS 1.2 only */
>      "DHE-DSS-AES256-GCM-SHA384:"
>      "DHE-RSA-AES256-GCM-SHA384:"
>      "DHE-DSS-AES128-GCM-SHA256:"
>      "DHE-RSA-AES128-GCM-SHA256:"
>
>      /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
>      "ECDHE-ECDSA-AES256-GCM-SHA384:"
>      "ECDHE-ECDSA-AES128-GCM-SHA256:"

> On 09/12/13 23:34, Jeffrey Walton wrote:
>>
>> Reference:
>> http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html
>> and
>> http://openssl.6102.n7.nabble.com/Apple-are-apparently-dicks-td45512.html.
>>
>> ...
>> If I can't wait for the patch in future stable releases (or don't want
>> to use SSL_OP_SAFARI_ECDHE_ECDSA_BUG), what are the other options? Can
>> I use a cipher_list to work around this? For example, can I prefer RSA
>> and DSS ciphers over ECDSA:
>>
>>    const char* const PREFERRED_CIPHERS =
>>
>>      /* TLS 1.2 only */
>>      "ECDHE-RSA-AES256-GCM-SHA384:"
>>      "ECDHE-RSA-AES128-GCM-SHA256:"
>>
>>      /* TLS 1.2 only */
>>      "DHE-DSS-AES256-GCM-SHA384:"
>>      "DHE-RSA-AES256-GCM-SHA384:"
>>      "DHE-DSS-AES128-GCM-SHA256:"
>>      "DHE-RSA-AES128-GCM-SHA256:"
>>
>>      /* TLS 1.2, see SSL_OP_SAFARI_ECDHE_ECDSA_BUG */
>>      "ECDHE-ECDSA-AES256-GCM-SHA384:"
>>      "ECDHE-ECDSA-AES128-GCM-SHA256:"
>
>
> The broken versions of Safari/OSX don't support GCM (or DSS, I think), so
> enabling and even preferring ECDHE-ECDSA-AES256-GCM-SHA384 and
> ECDHE-ECDSA-AES128-GCM-SHA256 on your server shouldn't cause any problems.
>
> If you can't wait for the patch, or don't want to use it, here are two
> workarounds that I think should work...
>
> 1. Ensure that these 4 ciphers are all disabled on your server (since these
> are the only ciphers that are affected by the Safari/OSX bug):
> ECDHE-ECDSA-AES256-SHA
> ECDHE-ECDSA-AES128-SHA
> ECDHE-ECDSA-RC4-SHA
> ECDHE-ECDSA-DES-CBC3-SHA
>
> or
>
> 2. If you want to enable 1 or more of those 4 ECDHE-ECDSA ciphers, ensure
> that your server prefers at least 1 of the following ciphers (that
> Safari/OSX also offers) ahead of them:
> ECDH-RSA-AES128-SHA
> ECDH-RSA-AES256-SHA
> ECDH-RSA-RC4-SHA
> ECDH-RSA-DES-CBC3-SHA
> ECDHE-RSA-AES256-SHA
> ECDHE-RSA-AES128-SHA
> ECDHE-RSA-RC4-SHA
> ECDHE-RSA-DES-CBC3-SHA
> AES128-SHA
> RC4-SHA
> RC4-MD5
> AES256-SHA
> DES-CBC3-SHA
> DHE-RSA-AES128-SHA
> DHE-RSA-AES256-SHA
> EDH-RSA-DES-CBC3-SHA
>
> (Obviously you'll need 2 server certificates, one with an RSA key and one
> with an ECC key).