OpenSSL: Disable ECDSA cipher suites on Windows XP.

net/socket/ssl_client_socket_openssl.cc

Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index f7b9d28d2442338ef490f643ac0dd99edf95efc7..94dfdae942f117cc08692fbe5a150fdda053a2f6 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -30,6 +30,10 @@
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
 #if defined(USE_OPENSSL_CERTS)
 #include "net/ssl/openssl_client_key_store.h"
 #else
@@ -786,6 +790,15 @@ int SSLClientSocketOpenSSL::Init() {
        command.append(name);
      }
   }
+
+  // Disable ECDSA cipher suites on platforms that do not support ECDSA
+  // signed certificates, as servers may use the presence of such
+  // ciphersuites as a hint to send an ECDSA certificate.
+#if defined(OS_WIN)
+  if (base::win::GetVersion() < base::win::VERSION_VISTA)
+    command.append(":!ECDSA");
+#endif
+
   int rv = SSL_set_cipher_list(ssl_, command.c_str());
   // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
   // This will almost certainly result in the socket failing to complete the