id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
394	Safari needcerts hack catches Chrome on OSX	andersk		"Our [source:/trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf?rev=2257#L31 User-Agent match] for the Safari needcerts hack also catches Chrome on OS X, which was not intended.  In Chrome < 33, this triggers an SSL3 fallback if the visitor presents no client certificate, breaking SNI.  ([https://code.google.com/p/chromium/issues/detail?id=66517 Upstream bug], though davidben says it’s out of date.)

There is some question of whether the non–Safari behavior was a good idea in the first place (for less important reasons), but I’ll leave that for another ticket.

Waaah, SSL."	defect	new	normal		web