disable SSLv2

author: manuel <manuel@mausz.at> 2016-03-01 16:39:19 +0100
committer: manuel <manuel@mausz.at> 2016-03-01 16:39:19 +0100
commit: 08723a94ed461a2f5969b21bb4ddb9f887a21d2a (patch)
tree: 99d4e9ab71e0dea07b576766abfb7375279a072e
parent: 328b68e47ed505907d8bc9b3246bda99a83e6f42 (diff)
download: qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.tar.gz
qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.tar.bz2
qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/qmail-remote.c b/qmail-remote.c
index 4119228..02c69e3 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -472,6 +472,7 @@ int tls_init()
    smtptext.len = 0;
    tls_quit_error("ZTLS error initializing ctx");
  }
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
  if (servercert) {
    if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) {
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 19e7c9b..1c462b4 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1372,6 +1372,7 @@ void tls_init()
  /* a new SSL context with the bare minimum of options */
  ctx = SSL_CTX_new(SSLv23_server_method());
  if (!ctx) { tls_err("unable to initialize ctx"); return; }
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
  if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
    { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
author	manuel <manuel@mausz.at>	2016-03-01 16:39:19 +0100
committer	manuel <manuel@mausz.at>	2016-03-01 16:39:19 +0100
commit	08723a94ed461a2f5969b21bb4ddb9f887a21d2a (patch)
tree	99d4e9ab71e0dea07b576766abfb7375279a072e
parent	328b68e47ed505907d8bc9b3246bda99a83e6f42 (diff)
download	qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.tar.gz qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.tar.bz2 qmail-08723a94ed461a2f5969b21bb4ddb9f887a21d2a.zip