1 files changed, 2 insertions, 2 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 5c28cf2..1951839 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1334,8 +1334,8 @@ void tls_init()
  /* a new SSL context with the bare minimum of options */
  ctx = SSL_CTX_new(TLS_server_method());
  if (!ctx) { tls_err("unable to initialize ctx"); return; }
-  int min_ssl_version = (*childargs) ? TLS1_2_VERSION : TLS1_VERSION;
+  SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION);
-  SSL_CTX_set_min_proto_version(ctx, min_ssl_version);
+  if (!*childargs) SSL_CTX_set_security_level(ctx, 0);
  SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
                           SSL_OP_PRIORITIZE_CHACHA);
  /* TLS renegotiation is possible cpu resource attack */

diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 5c28cf2..1951839 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c
@@ -1334,8 +1334,8 @@ void tls_init()
1334	/* a new SSL context with the bare minimum of options */	1334	/* a new SSL context with the bare minimum of options */
1335	ctx = SSL_CTX_new(TLS_server_method());	1335	ctx = SSL_CTX_new(TLS_server_method());
1336	if (!ctx) { tls_err("unable to initialize ctx"); return; }	1336	if (!ctx) { tls_err("unable to initialize ctx"); return; }
1337	int min_ssl_version = (*childargs) ? TLS1_2_VERSION : TLS1_VERSION;	1337	SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION);
1338	SSL_CTX_set_min_proto_version(ctx, min_ssl_version);	1338	if (!*childargs) SSL_CTX_set_security_level(ctx, 0);
1339	SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE \|	1339	SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE \|
1340	SSL_OP_PRIORITIZE_CHACHA);	1340	SSL_OP_PRIORITIZE_CHACHA);
1341	/* TLS renegotiation is possible cpu resource attack */	1341	/* TLS renegotiation is possible cpu resource attack */