diff options
Diffstat (limited to 'qmail-smtpd.c')
| -rw-r--r-- | qmail-smtpd.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index 1c26031..de125b8 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -1370,8 +1370,6 @@ void tls_init() | |||
| 1370 | /* a new SSL context with the bare minimum of options */ | 1370 | /* a new SSL context with the bare minimum of options */ |
| 1371 | ctx = SSL_CTX_new(TLS_server_method()); | 1371 | ctx = SSL_CTX_new(TLS_server_method()); |
| 1372 | if (!ctx) { tls_err("unable to initialize ctx"); return; } | 1372 | if (!ctx) { tls_err("unable to initialize ctx"); return; } |
| 1373 | SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION); | ||
| 1374 | if (!*childargs) SSL_CTX_set_security_level(ctx, 0); | ||
| 1375 | SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | | 1373 | SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 1376 | SSL_OP_PRIORITIZE_CHACHA); | 1374 | SSL_OP_PRIORITIZE_CHACHA); |
| 1377 | /* TLS renegotiation is possible cpu resource attack */ | 1375 | /* TLS renegotiation is possible cpu resource attack */ |