| author | manuel <manuel@mausz.at> | 2018-12-26 01:59:25 +0100 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2018-12-26 01:59:25 +0100 |
| commit | 5568b4be97963627154c8f0c6f21a9af70ca7b8a (patch) | |
| tree | ecab2129eb416f668977da5aa071fd0d8cf5d1cb | |
| parent | 52b1008b300a3bf48941ce482d5d0c8da163fe53 (diff) | |
| download | qmail-5568b4be97963627154c8f0c6f21a9af70ca7b8a.tar.gz qmail-5568b4be97963627154c8f0c6f21a9af70ca7b8a.tar.bz2 qmail-5568b4be97963627154c8f0c6f21a9af70ca7b8a.zip | |
Disable TLS 1.0 only for smtp auth/submission
| -rw-r--r-- | qmail-smtpd.c | 11 |
1 files changed, 7 insertions, 4 deletions
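diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 2a1fd71..8ae6af3 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -84,6 +84,10 @@ int tls_before_auth = 0;
 int smtputf8 = 0;
 #endif
 
+/* SMTP AUTH */
+int flagauth = 0;
+char **childargs;
+
 int safewrite(fd,buf,len) int fd; char *buf; int len;
 {
 int r;
@@ -199,8 +203,6 @@ extern void realrcptto_start();
 extern int realrcptto();
 extern int realrcptto_deny();
 
-int flagauth = 0;
-
 stralloc greeting = {0};
 
 void smtp_greet(code) char *code;
@@ -960,7 +962,6 @@ static stralloc chal = {0}; /* plain challenge */
 static stralloc slop = {0}; /* b64 challenge */
 #endif
 
-char **childargs;
 char ssauthbuf[512];
 char ssauth2buf[512];
 substdio ssauth = SUBSTDIO_FDBUF(safewrite,3,ssauthbuf,sizeof(ssauthbuf));
@@ -1432,9 +1433,11 @@ void tls_init()
 /* a new SSL context with the bare minimum of options */
 ctx = SSL_CTX_new(SSLv23_server_method());
 if (!ctx) { tls_err("unable to initialize ctx"); return; }
-SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
+SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 |
 SSL_OP_CIPHER_SERVER_PREFERENCE |
 SSL_OP_PRIORITIZE_CHACHA);
+if (*childargs)
+  SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
 
 if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
 { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }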
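Review bot: The new `if (*childargs)` in tls_init() dereferences the global `char **childargs` with no NULL check, so if tls_init() can be reached before the code that assigns childargs (that assignment is not visible in this hunk), this is a NULL pointer dereference; `if (childargs && *childargs)` costs nothing and removes the dependency on initialisation order. The condition also deserves a comment, because "childargs is non-empty" is being used as a proxy for "this is the AUTH/submission service": `/* an AUTH checkpassword program was given, so this is the submission service: refuse TLS 1.0 here (minimum becomes TLS 1.1); plain MTA-to-MTA delivery keeps TLS 1.0 */`. Since the first SSL_CTX_set_options() call no longer carries SSL_OP_NO_TLSv1 for any listener, the submission port's protection now rests entirely on this branch, which is worth a line in the commit message as well. tls_init() continues outside the hunk.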
