diff options
Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index d97dfc5..d02452f 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -1336,6 +1336,10 @@ void tls_init() | |||
| 1336 | SSL_OP_PRIORITIZE_CHACHA); | 1336 | SSL_OP_PRIORITIZE_CHACHA); |
| 1337 | /* TLS renegotiation is possible cpu resource attack */ | 1337 | /* TLS renegotiation is possible cpu resource attack */ |
| 1338 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); | 1338 | SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); |
| 1339 | /* SMTP does not suffer from truncation attacks due to its application framing */ | ||
| 1340 | SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); | ||
| 1341 | /* reduce to one ticket */ | ||
| 1342 | SSL_CTX_set_num_tickets(ctx, 1); | ||
| 1339 | 1343 | ||
| 1340 | /* set the callback here; SSL_set_verify didn't work before 0.9.6c */ | 1344 | /* set the callback here; SSL_set_verify didn't work before 0.9.6c */ |
| 1341 | SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb); | 1345 | SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb); |