Fix comment around safari fingerprint check

Fixes #2442

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3367)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9dfdbe5e6a15062ade4d3511f8609ee2cc07e737..7adf09b3d819743b4f48551d6aa8b45e6eb6df2f 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1175,6 +1175,7 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
  *   SNI,
  *   elliptic_curves
  *   ec_point_formats
  *   SNI,
  *   elliptic_curves
  *   ec_point_formats

+ *   signature_algorithms (for TLSv1.2 only)

  *
  * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
  * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
  *
  * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
  * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.