id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
462	Server: OpenSSL Safari Workaround (SSL_OP_SAFARI_ECDHE_ECDSA_BUG)	Jeffrey Walton		"It appears there is an opportunity for improvement in the server for Safari clients when using OpenSSL. From ngx_event_openssl.c, around line 185:

{{{
    /* server side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
    ...
}}}

It might be helpful to add SSL_OP_SAFARI_ECDHE_ECDSA_BUG:

{{{
    #if !defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
    # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000400L 
    #endif

     SSL_CTX_set_options(ssl->ctx, SSL_OP_SAFARI_ECDHE_ECDSA_BUG);
}}}

SSL_OP_SAFARI_ECDHE_ECDSA_BUG was a recent check-in. http://openssl.6102.n7.nabble.com/openssl-org-3068-PATCH-Safari-broken-ECDHE-ECDSA-workaround-td45432.html."	defect	closed	minor		nginx-core		wontfix	openssl safari SSL_OP_SAFARI_ECDHE_ECDSA_BUG server		"$ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64"	"$ objs/nginx -V
nginx version: nginx/1.4.4
configure arguments:"