diff options
| -rw-r--r-- | qmail-remote.c | 1 | ||||
| -rw-r--r-- | qmail-smtpd.c | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/qmail-remote.c b/qmail-remote.c index 4119228..02c69e3 100644 --- a/qmail-remote.c +++ b/qmail-remote.c | |||
| @@ -472,6 +472,7 @@ int tls_init() | |||
| 472 | smtptext.len = 0; | 472 | smtptext.len = 0; |
| 473 | tls_quit_error("ZTLS error initializing ctx"); | 473 | tls_quit_error("ZTLS error initializing ctx"); |
| 474 | } | 474 | } |
| 475 | SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); | ||
| 475 | 476 | ||
| 476 | if (servercert) { | 477 | if (servercert) { |
| 477 | if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) { | 478 | if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) { |
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 19e7c9b..1c462b4 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -1372,6 +1372,7 @@ void tls_init() | |||
| 1372 | /* a new SSL context with the bare minimum of options */ | 1372 | /* a new SSL context with the bare minimum of options */ |
| 1373 | ctx = SSL_CTX_new(SSLv23_server_method()); | 1373 | ctx = SSL_CTX_new(SSLv23_server_method()); |
| 1374 | if (!ctx) { tls_err("unable to initialize ctx"); return; } | 1374 | if (!ctx) { tls_err("unable to initialize ctx"); return; } |
| 1375 | SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); | ||
| 1375 | 1376 | ||
| 1376 | if (!SSL_CTX_use_certificate_chain_file(ctx, servercert)) | 1377 | if (!SSL_CTX_use_certificate_chain_file(ctx, servercert)) |
| 1377 | { SSL_CTX_free(ctx); tls_err("missing certificate"); return; } | 1378 | { SSL_CTX_free(ctx); tls_err("missing certificate"); return; } |