diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/internal.h boringssl/src/ssl/internal.h
--- boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/internal.h	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/src/ssl/internal.h	2024-02-29 20:02:32.711209565 +0200
@@ -577,4 +577,9 @@
 #define SSL_SHA256 0x00000002u
+// curl-impersonate:
+// SSL_SHA384 was removed in
+// https://boringssl-review.googlesource.com/c/boringssl/+/27944/
+// but restored to impersonate browsers with older ciphers.
+#define SSL_SHA384 0x00000004u
 // SSL_AEAD is set for all AEADs.
-#define SSL_AEAD 0x00000004u
+#define SSL_AEAD 0x00000008u
 
diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/ssl_cipher.cc boringssl/src/ssl/ssl_cipher.cc
--- boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/ssl_cipher.cc	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/src/ssl/ssl_cipher.cc	2024-02-29 20:02:32.711209565 +0200
@@ -199,2 +199,33 @@
 
+    // curl-impersonate: Ciphers 3C, 3D were removed in
+    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
+    // but restored here to impersonate browsers with older ciphers. They are
+    // not expected to actually work; but just to be included in the TLS
+    // Client Hello.
+ 
+    // TLS v1.2 ciphersuites
+ 
+    // Cipher 3C
+    {
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     "TLS_RSA_WITH_AES_128_CBC_SHA256",
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_HANDSHAKE_MAC_SHA256,
+    },
+    // Cipher 3D
+    {
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     "TLS_RSA_WITH_AES_256_CBC_SHA256",
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     SSL_HANDSHAKE_MAC_SHA256,
+    },
+
     // PSK cipher suites.
@@ -289,2 +320,19 @@
 
+    // curl-impersonate: Cipher C008 was missing from BoringSSL,
+    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
+    // where it is called ECDHE-ECDSA-DES-CBC3-SHA.
+    // It's not supposed to really work but just appear in the TLS client hello.
+ 
+    // Cipher C008
+    {
+     "ECDHE-ECDSA-DES-CBC3-SHA",
+     "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+     0x0300C008,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_HANDSHAKE_MAC_DEFAULT,
+    },
+
     // Cipher C009
@@ -313,2 +361,17 @@
 
+    // curl-impersonate: Cipher C012 was missing from BoringSSL,
+    // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
+    // where it is called ECDHE-RSA-DES-CBC3-SHA
+    // It's not supposed to really work but just appear in the TLS client hello.
+    {
+     "ECDHE-RSA-DES-CBC3-SHA",
+     "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+     0x0300C012,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL_HANDSHAKE_MAC_DEFAULT,
+    },
+
     // Cipher C013
@@ -337,2 +400,33 @@
 
+    // curl-impersonate: Ciphers C023, C024, C028 were removed in
+    // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
+    // but restored here to impersonate browsers with older ciphers. They are
+    // not expected to actually work; but just to be included in the TLS
+    // Client Hello.
+
+    // HMAC based TLS v1.2 ciphersuites from RFC5289
+
+    // Cipher C023
+    {
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA256,
+     SSL_HANDSHAKE_MAC_SHA256,
+    },
+    // Cipher C024
+    {
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_HANDSHAKE_MAC_SHA384,
+    },
+
     // Cipher C027
@@ -349,2 +443,14 @@
 
+    // Cipher C028
+    {
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     SSL_HANDSHAKE_MAC_SHA384,
+    },
+
     // GCM based TLS v1.2 ciphersuites from RFC 5289
@@ -555,2 +661,7 @@
     {"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0},
+    // curl-impersonate:
+    // Removed in https://boringssl-review.googlesource.com/c/boringssl/+/27944/
+    // but restored to impersonate browsers with older ciphers.
+    {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
+    {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
     {"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
@@ -1170,2 +1281,10 @@
       SSL3_CK_RSA_DES_192_CBC3_SHA & 0xffff,
+      // curl-impersonate: add legacy cipehrs.
+      TLS1_CK_RSA_WITH_AES_128_SHA256 & 0xffff,
+      TLS1_CK_RSA_WITH_AES_256_SHA256 & 0xffff,
+      0x0300C008 & 0xffff,
+      0x0300C012 & 0xffff,
+      TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 & 0xffff,
+      TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 & 0xffff,
+      TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 & 0xffff,
   };
diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/ssl_privkey.cc boringssl/src/ssl/ssl_privkey.cc
--- boringssl-d24a38200fef19150eef00cad35b138936c08767/src/ssl/ssl_privkey.cc	2023-09-27 05:13:00.000000000 +0300
+++ boringssl/src/ssl/ssl_privkey.cc	2024-02-29 21:26:15.518023534 +0200
@@ -560,40 +560,45 @@
 
-static int compare_uint16_t(const void *p1, const void *p2) {
-  uint16_t u1 = *((const uint16_t *)p1);
-  uint16_t u2 = *((const uint16_t *)p2);
-  if (u1 < u2) {
-    return -1;
-  } else if (u1 > u2) {
-    return 1;
-  } else {
-    return 0;
-  }
-}
-
-static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
-  if (in_sigalgs.size() < 2) {
-    return true;
-  }
-
-  Array<uint16_t> sigalgs;
-  if (!sigalgs.CopyFrom(in_sigalgs)) {
-    return false;
-  }
-
-  qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
-
-  for (size_t i = 1; i < sigalgs.size(); i++) {
-    if (sigalgs[i - 1] == sigalgs[i]) {
-      OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
-      return false;
-    }
-  }
-
-  return true;
-}
+// curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
+// send out duplicated algorithm prefs.
+// static int compare_uint16_t(const void *p1, const void *p2) {
+//   uint16_t u1 = *((const uint16_t *)p1);
+//   uint16_t u2 = *((const uint16_t *)p2);
+//   if (u1 < u2) {
+//     return -1;
+//   } else if (u1 > u2) {
+//     return 1;
+//   } else {
+//     return 0;
+//   }
+// }
+
+// static bool sigalgs_unique(Span<const uint16_t> in_sigalgs) {
+//   if (in_sigalgs.size() < 2) {
+//     return true;
+//   }
+// 
+//   Array<uint16_t> sigalgs;
+//   if (!sigalgs.CopyFrom(in_sigalgs)) {
+//     return false;
+//   }
+// 
+//   qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
+// 
+//   for (size_t i = 1; i < sigalgs.size(); i++) {
+//     if (sigalgs[i - 1] == sigalgs[i]) {
+//       OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
+//       return false;
+//     }
+//   }
+// 
+//   return true;
+// }
 
 static bool set_sigalg_prefs(Array<uint16_t> *out, Span<const uint16_t> prefs) {
-  if (!sigalgs_unique(prefs)) {
-    return false;
-  }
+  // curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
+  // send out duplicated algorithm prefs.
+
+  // if (!sigalgs_unique(prefs)) {
+  //   return false;
+  // }