Safari 8.0 or earlier on IOS 8.4 or earlier doesn't appear to support ECDSA certs signed with an SHA384 signature (shown in the client capabilities here: Qualys SSL Labs - Projects / User Agent Capabilities: Safari 8 / iOS 8.4)
Yet going back as far as IOS 7 that OS supports a number of root certs signed with ECDSA/SHA384 - https://support.apple.com/en-au/HT203065
So I'm guessing this is a Safari rather than IOS issue, correct? Does anyone know if it only affects Safari on IOS or also Safari on other platforms?
This poses a problem for ECDSA cert deployment for older Safari/IOS clients as most CAs that issue public ECDSA certs do so using a root or intermediate cert signed with ECDSA/SHA384. Does anyone know of a CA that offers an ECDSA/SHA256-only cert chain?