Enable PRIORITIZE_CHACHA per default

3 files changed, 6 insertions, 3 deletions

diff --git a/qmail-remote.c b/qmail-remote.c
index 94bb69f..58437da 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -486,7 +486,7 @@ int tls_init()
     smtptext.len = 0;
     tls_quit_error("ZTLS error initializing ctx");
   }
-  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 
   if (servercert) {
     if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) {
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 5b862a0..d5be4af 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1432,8 +1432,9 @@ void tls_init()
   /* a new SSL context with the bare minimum of options */
   ctx = SSL_CTX_new(SSLv23_server_method());
   if (!ctx) { tls_err("unable to initialize ctx"); return; }
-  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
-                           SSL_OP_CIPHER_SERVER_PREFERENCE);
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 |
+                           SSL_OP_CIPHER_SERVER_PREFERENCE |
+                           SSL_OP_PRIORITIZE_CHACHA);
 
   if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
     { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
diff --git a/realrcptto.c b/realrcptto.c
index e211654..93a7aad 100644
--- a/realrcptto.c
+++ b/realrcptto.c
@@ -2,6 +2,7 @@
 #include <sys/stat.h>
 #include <stdlib.h>
 #include <pwd.h>
+#include <string.h>
 #include "auto_break.h"
 #include "auto_usera.h"
 #include "byte.h"
@@ -17,6 +18,7 @@
 #include "substdio.h"
 #include "env.h"
 #include "slurpclose.h"
+#include "control.h"
 #include "readwrite.h"
 
 extern void die_nomem();