diff options
| author | manuel <manuel@mausz.at> | 2025-01-22 14:12:55 +0100 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2025-01-22 14:12:55 +0100 |
| commit | a77adb886ef7ed2efa8441dcd823d5f7e3f97183 (patch) | |
| tree | 1d5997ac846122780ffcb8feecb20b6e7efc20d7 /qmail-smtpd.c | |
| parent | ec29722d8b6b90d1a0368542a5de991599e30adc (diff) | |
| download | qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.tar.gz qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.tar.bz2 qmail-a77adb886ef7ed2efa8441dcd823d5f7e3f97183.zip | |
Do not enable legacy TLS version any longer
Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 1c26031..de125b8 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -1370,8 +1370,6 @@ void tls_init() | |||
| 1370 | /* a new SSL context with the bare minimum of options */ | 1370 | /* a new SSL context with the bare minimum of options */ |
| 1371 | ctx = SSL_CTX_new(TLS_server_method()); | 1371 | ctx = SSL_CTX_new(TLS_server_method()); |
| 1372 | if (!ctx) { tls_err("unable to initialize ctx"); return; } | 1372 | if (!ctx) { tls_err("unable to initialize ctx"); return; } |
| 1373 | SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION); | ||
| 1374 | if (!*childargs) SSL_CTX_set_security_level(ctx, 0); | ||
| 1375 | SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | | 1373 | SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 1376 | SSL_OP_PRIORITIZE_CHACHA); | 1374 | SSL_OP_PRIORITIZE_CHACHA); |
| 1377 | /* TLS renegotiation is possible cpu resource attack */ | 1375 | /* TLS renegotiation is possible cpu resource attack */ |