author: Manuel Mausz <manuel@mausz.at> 2018-06-27 01:06:16 +0200
committer: manuel <manuel@mausz.at> 2018-06-27 01:15:54 +0200
commit: 7ec4ffbdbc562c4a2909d9bf4f3093072e0e3ac1
tree: 4552a41d0ff55b69303ca8c6070ec9f6be1819fe /README.starttls
parent: d382146c1145dcd3a4108f1b753fcb1250fd9750
OpenSSL 1.1 compatibility
This adds compatibility for OpenSSL 1.1.

Since renegotiation is removed from TLS 1.3 we also removed support for authentication via client certificates (control/tlsclients). In general this is still supported by TLS 1.3, however I'm just lazy and we don't need this feature anyway.

This also adds optional support for OpenSSL configuration commands for qmail-smtpd and qmail-remote. Commands are loaded from control/opensslconf. For a list of supported commands see https://www.openssl.org/docs/man1.0.2/ssl/SSL_CONF_cmd.html#SUPPORTED-CONFIGURATION-FILE-COMMANDS
Diffstat (limited to 'README.starttls')
-rw-r--r-- README.starttls 10
1 files changed, 0 insertions, 10 deletions
diff --git a/README.starttls b/README.starttls
index 07ee275..6168c6d 100644
--- a/README.starttls
+++ b/README.starttls
@@ -42,16 +42,6 @@ Optional: - when DEBUG is defined, some extra TLS info will be logged
42 an exhaustive list of hosts TLS is tried on. 42 an exhaustive list of hosts TLS is tried on.
43 If /var/qmail/control/notlshosts/host.dom.ain is present, 43 If /var/qmail/control/notlshosts/host.dom.ain is present,
44 no TLS is tried on this host. 44 no TLS is tried on this host.
45 - client authentication:
46 when relay rules would reject an incoming mail,
47 qmail-smtpd can allow the mail based on a presented cert.
48 Certs are verified against a CA list in
49 /var/qmail/control/clientca.pem (eg. http://www.modssl.org/
50 source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.sslcfg/ca-bundle.crt)
51 and the cert email-address has to match a line in
52 /var/qmail/control/tlsclients. This email-address is logged
53 in the headers. CRLs can be provided through
54 /var/qmail/control/clientcrl.pem.
55 - cipher selection: 45 - cipher selection:
56 qmail-remote: 46 qmail-remote:
57 openssl cipher string (`man ciphers`) read from 47 openssl cipher string (`man ciphers`) read from
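Review bot: the "client authentication" entry (old lines 45-54) is deleted without any replacement text, so an operator who still has control/clientca.pem, control/tlsclients or control/clientcrl.pem in place gets no hint that those files are no longer read. The removed text says a presented cert could allow mail "when relay rules would reject" it, so after this change that mail is rejected again; a short note in the README stating that cert-based relaying was removed and that the three control files are now unused would make the behaviour change visible at upgrade time. Separately, the commit message introduces control/opensslconf for qmail-smtpd and qmail-remote, but this file gains no lines (0 insertions in the diffstat). Consider adding an entry to the Optional list, next to "cipher selection", that names control/opensslconf and points to the SSL_CONF_cmd list of supported commands, including how it interacts with the existing cipher string setting.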