From 6ce418f63ceeda3d02246c6044c969d5f8f08b26 Mon Sep 17 00:00:00 2001
From: manuel
Date: Mon, 17 Sep 2018 18:01:21 +0200
Subject: Enable PRIORITIZE_CHACHA per default
---
 qmail-remote.c | 2 +-
 qmail-smtpd.c | 5 +++--
 realrcptto.c | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/qmail-remote.c b/qmail-remote.c
index 94bb69f..58437da 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -486,7 +486,7 @@ int tls_init()
 smtptext.len = 0;
 tls_quit_error("ZTLS error initializing ctx");
 }
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 if (servercert) {
 if (!SSL_CTX_load_verify_locations(ctx, servercert, NULL)) {
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 5b862a0..d5be4af 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1432,8 +1432,9 @@ void tls_init()
 /* a new SSL context with the bare minimum of options */
 ctx = SSL_CTX_new(SSLv23_server_method());
 if (!ctx) { tls_err("unable to initialize ctx"); return; }
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
- SSL_OP_CIPHER_SERVER_PREFERENCE);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 |
+ SSL_OP_CIPHER_SERVER_PREFERENCE |
+ SSL_OP_PRIORITIZE_CHACHA);
 if (!SSL_CTX_use_certificate_chain_file(ctx, servercert)) { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
diff --git a/realrcptto.c b/realrcptto.c
index e211654..93a7aad 100644
--- a/realrcptto.c
+++ b/realrcptto.c
@@ -2,6 +2,7 @@
 #include
 #include
 #include
+#include
 #include "auto_break.h"
 #include "auto_usera.h"
 #include "byte.h"
@@ -17,6 +18,7 @@
 #include "substdio.h"
 #include "env.h"
 #include "slurpclose.h"
+#include "control.h"
 #include "readwrite.h"
 extern void die_nomem();
-- 
cgit v1.2.3
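Review bot: Dropping `SSL_OP_NO_SSLv2` from the `SSL_CTX_set_options` call in qmail-remote.c (and again in the qmail-smtpd.c hunk) is only harmless on OpenSSL 1.1.0 and later, where the flag is a no-op. On an older libssl that still carries SSLv2, the context would rely on the library's build-time default rather than an explicit refusal. Keeping the flag costs nothing on any version: `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The commit subject mentions only PRIORITIZE_CHACHA, so this protocol change looks unrelated to the stated purpose. tls_init() begins and ends outside the hunk.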
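Review bot: `SSL_OP_PRIORITIZE_CHACHA` in the new `SSL_CTX_set_options` call in qmail-smtpd.c exists only since OpenSSL 1.1.1, so the file will no longer compile against an older libssl, where the macro is undefined. Guard the flag with `#ifdef SSL_OP_PRIORITIZE_CHACHA` and set it in a second call; `SSL_CTX_set_options` ORs into the existing mask, so the base options stay unconditional. The flag only takes effect together with `SSL_OP_CIPHER_SERVER_PREFERENCE`, which this call keeps. tls_init() continues outside the hunk.

```c
  /* ... unchanged: SSL_CTX_new() and the !ctx check ... */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3 |
                           SSL_OP_CIPHER_SERVER_PREFERENCE);
#ifdef SSL_OP_PRIORITIZE_CHACHA
  /* only defined from OpenSSL 1.1.1 on; older builds skip it */
  SSL_CTX_set_options(ctx, SSL_OP_PRIORITIZE_CHACHA);
#endif
  /* ... unchanged: certificate chain loading ... */
```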