Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 7 |
1 files changed, 3 insertions, 4 deletions
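--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1460,11 +1460,10 @@ void tls_init()
 /* a new SSL context with the bare minimum of options */
 ctx = SSL_CTX_new(SSLv23_server_method());
 if (!ctx) { tls_err("unable to initialize ctx"); return; }
-SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 |
-SSL_OP_CIPHER_SERVER_PREFERENCE |
+int min_ssl_version = (*childargs) ? TLS1_2_VERSION : TLS1_VERSION;
+SSL_CTX_set_min_proto_version(ctx, min_ssl_version);
+SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
 SSL_OP_PRIORITIZE_CHACHA);
-if (*childargs)
-SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
 
 if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
 { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }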
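Review bot: The result of `SSL_CTX_set_min_proto_version()` on new line 1464 is not checked, unlike the `SSL_CTX_new()` and certificate calls around it; the function returns 0 on failure, and the context would then keep the library's default minimum version while the server carries on as if the floor had been applied. I would fail closed in the same style as the neighbouring checks: `if (!SSL_CTX_set_min_proto_version(ctx, min_ssl_version)) { SSL_CTX_free(ctx); tls_err("unable to set minimum TLS version"); return; }`. Note also that when `*childargs` is set the old code cleared only SSLv3 and TLSv1, so TLS 1.1 was still accepted, whereas the new floor of `TLS1_2_VERSION` drops it; if that tightening is intended, a one-line comment saying what `*childargs` signifies here and why it gets the stricter floor would help. tls_init() begins and ends outside the hunk.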
