| author | manuel <manuel@mausz.at> | 2023-08-10 12:49:47 +0200 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2023-08-10 12:49:47 +0200 |
| commit | a341ab099e5aa53e5f69258e0c80326e01c880e8 (patch) | |
| tree | 1694f9e39d4760b2ac6ad039bf700dc16e893068 /qmail-smtpd.c | |
| parent | a292e44f38ce771dd34e56dec2886318bdaacfe8 (diff) | |
Disable TLS renegotiation
Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 2 |
1 files changed, 2 insertions, 0 deletions
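--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1334,6 +1334,8 @@ void tls_init()
 SSL_CTX_set_min_proto_version(ctx, min_ssl_version);
 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
 SSL_OP_PRIORITIZE_CHACHA);
+/* TLS renegotiation is possible cpu resource attack */
+SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
 
 /* set the callback here; SSL_set_verify didn't work before 0.9.6c */
 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb);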
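Review bot: `SSL_OP_NO_RENEGOTIATION`, set in the added call in tls_init(), disables all renegotiation in TLS 1.2 and earlier, server-initiated as well as client-initiated, while the context is still set up with `SSL_VERIFY_NONE` a few lines below. If a client certificate is requested later in the session through a re-handshake (that code is not visible in this hunk, so this is an assumption to confirm), that request would now fail for TLS 1.2 clients. In that case the certificate request would need to move into the initial handshake. The comment could also state the scope and reason more precisely, e.g. `/* refuse renegotiation (TLS <= 1.2): client-initiated renegotiation is a CPU exhaustion vector */`. tls_init's body begins and ends outside the hunk.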
