diff options
| author | manuel <manuel@mausz.at> | 2025-01-22 14:12:55 +0100 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2025-01-22 14:12:55 +0100 |
| commit | a77adb886ef7ed2efa8441dcd823d5f7e3f97183 (patch) | |
| tree | 1d5997ac846122780ffcb8feecb20b6e7efc20d7 /qmail-remote.c | |
| parent | ec29722d8b6b90d1a0368542a5de991599e30adc (diff) | |
| download | qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.tar.gz qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.tar.bz2 qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.zip | |
Do not enable legacy TLS version any longer
Diffstat (limited to 'qmail-remote.c')
| -rw-r--r-- | qmail-remote.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/qmail-remote.c b/qmail-remote.c index a743e06..14114cf 100644 --- a/qmail-remote.c +++ b/qmail-remote.c | |||
| @@ -487,7 +487,6 @@ static int tls_init(struct ip_mx *current_mx) | |||
| 487 | smtptext.len = 0; | 487 | smtptext.len = 0; |
| 488 | tls_quit_error("ZTLS error initializing ctx"); | 488 | tls_quit_error("ZTLS error initializing ctx"); |
| 489 | } | 489 | } |
| 490 | SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); | ||
| 491 | /* TLS renegotiation is possible cpu resource attack */ | 490 | /* TLS renegotiation is possible cpu resource attack */ |
| 492 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); | 491 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); |
| 493 | /* SMTP does not suffer from truncation attacks due to its application framing */ | 492 | /* SMTP does not suffer from truncation attacks due to its application framing */ |