diff options
| author | manuel <manuel@mausz.at> | 2023-08-10 13:19:42 +0200 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2023-08-10 13:19:42 +0200 |
| commit | 0799f399b169e81bba6f6470d1bff340f83b1b42 (patch) | |
| tree | a681abe6d50b4912b91eca3ffd871902e37441cb /qmail-remote.c | |
| parent | a341ab099e5aa53e5f69258e0c80326e01c880e8 (diff) | |
| download | qmail-0799f399b169e81bba6f6470d1bff340f83b1b42.tar.gz qmail-0799f399b169e81bba6f6470d1bff340f83b1b42.tar.bz2 qmail-0799f399b169e81bba6f6470d1bff340f83b1b42.zip | |
openssl: ignore unexpected EOF + only 1 session ticket
Diffstat (limited to 'qmail-remote.c')
| -rw-r--r-- | qmail-remote.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/qmail-remote.c b/qmail-remote.c index d0f2fc3..125d813 100644 --- a/qmail-remote.c +++ b/qmail-remote.c | |||
| @@ -470,6 +470,8 @@ static int tls_init(struct ip_mx *current_mx) | |||
| 470 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); | 470 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); |
| 471 | /* TLS renegotiation is possible cpu resource attack */ | 471 | /* TLS renegotiation is possible cpu resource attack */ |
| 472 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); | 472 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); |
| 473 | /* SMTP does not suffer from truncation attacks due to its application framing */ | ||
| 474 | SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); | ||
| 473 | 475 | ||
| 474 | /* we verify ourself below. see SSL_get_verify_result */ | 476 | /* we verify ourself below. see SSL_get_verify_result */ |
| 475 | SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); | 477 | SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); |