1 files changed, 2 insertions, 0 deletions
diff --git a/qmail-remote.c b/qmail-remote.c
index d0f2fc3..125d813 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -470,6 +470,8 @@ static int tls_init(struct ip_mx *current_mx)
  SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
  /* TLS renegotiation is possible cpu resource attack */
  SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
+  /* SMTP does not suffer from truncation attacks due to its application framing */
+  SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
  /* we verify ourself below. see SSL_get_verify_result */
  SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

diff --git a/qmail-remote.c b/qmail-remote.c index d0f2fc3..125d813 100644 --- a/qmail-remote.c +++ b/qmail-remote.c
@@ -470,6 +470,8 @@ static int tls_init(struct ip_mx *current_mx)
470	SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);	470	SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
471	/* TLS renegotiation is possible cpu resource attack */	471	/* TLS renegotiation is possible cpu resource attack */
472	SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);	472	SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
		473	/* SMTP does not suffer from truncation attacks due to its application framing */
		474	SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
473		475
474	/* we verify ourself below. see SSL_get_verify_result */	476	/* we verify ourself below. see SSL_get_verify_result */
475	SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);	477	SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);