Fix comment around safari fingerprint check
authorMatt Caswell <matt@openssl.org>
Tue, 2 May 2017 15:26:00 +0000 (16:26 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 2 May 2017 16:08:41 +0000 (17:08 +0100)
Fixes #2442

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3367)

ssl/statem/statem_srvr.c

index 9dfdbe5..7adf09b 100644 (file)
@@ -1175,6 +1175,7 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
  *   SNI,
  *   elliptic_curves
  *   ec_point_formats
  *   SNI,
  *   elliptic_curves
  *   ec_point_formats
+ *   signature_algorithms (for TLSv1.2 only)
  *
  * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
  * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
  *
  * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
  * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.