summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--qmail-remote.c1
-rw-r--r--qmail-smtpd.c2
2 files changed, 0 insertions, 3 deletions
diff --git a/qmail-remote.c b/qmail-remote.c
index a743e06..14114cf 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -487,7 +487,6 @@ static int tls_init(struct ip_mx *current_mx)
487 smtptext.len = 0; 487 smtptext.len = 0;
488 tls_quit_error("ZTLS error initializing ctx"); 488 tls_quit_error("ZTLS error initializing ctx");
489 } 489 }
490 SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
491 /* TLS renegotiation is possible cpu resource attack */ 490 /* TLS renegotiation is possible cpu resource attack */
492 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); 491 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
493 /* SMTP does not suffer from truncation attacks due to its application framing */ 492 /* SMTP does not suffer from truncation attacks due to its application framing */
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 1c26031..de125b8 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1370,8 +1370,6 @@ void tls_init()
1370 /* a new SSL context with the bare minimum of options */ 1370 /* a new SSL context with the bare minimum of options */
1371 ctx = SSL_CTX_new(TLS_server_method()); 1371 ctx = SSL_CTX_new(TLS_server_method());
1372 if (!ctx) { tls_err("unable to initialize ctx"); return; } 1372 if (!ctx) { tls_err("unable to initialize ctx"); return; }
1373 SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION);
1374 if (!*childargs) SSL_CTX_set_security_level(ctx, 0);
1375 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | 1373 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
1376 SSL_OP_PRIORITIZE_CHACHA); 1374 SSL_OP_PRIORITIZE_CHACHA);
1377 /* TLS renegotiation is possible cpu resource attack */ 1375 /* TLS renegotiation is possible cpu resource attack */
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-11 21:32:42 +0000