From ce127a9f60974d034e8dc84513da538d78884485 Mon Sep 17 00:00:00 2001
From: manuel
Date: Thu, 17 Aug 2023 00:12:28 +0200
Subject: qmail-smtpd: reduce security level to 0 on port 25
---
 qmail-smtpd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 5c28cf2..1951839 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -1334,8 +1334,8 @@ void tls_init()
 /* a new SSL context with the bare minimum of options */
 ctx = SSL_CTX_new(TLS_server_method());
 if (!ctx) { tls_err("unable to initialize ctx"); return; }
- int min_ssl_version = (*childargs) ? TLS1_2_VERSION : TLS1_VERSION;
- SSL_CTX_set_min_proto_version(ctx, min_ssl_version);
+ SSL_CTX_set_min_proto_version(ctx, (*childargs) ? TLS1_2_VERSION : TLS1_VERSION);
+ if (!*childargs) SSL_CTX_set_security_level(ctx, 0);
 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_PRIORITIZE_CHACHA);

 /* TLS renegotiation is possible cpu resource attack */
-- 
cgit v1.2.3
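Review bot: The added `if (!*childargs) SSL_CTX_set_security_level(ctx, 0);` lifts every OpenSSL security-level floor on the listener started without child arguments, not only the protocol floor: at level 0 the library stops rejecting sub-1024-bit RSA/DH keys and MD5-MAC or export-grade suites, so the effective policy rests entirely on the cipher list and DH parameters that tls_init() sets up outside this hunk (the function starts and ends beyond the visible lines). The reason is not recorded in the code; presumably TLS 1.0/1.1 peers cannot complete a handshake at level 1 with the OpenSSL build in use, and a comment such as `/* no auth child (MX, port 25): legacy TLS 1.0/1.1 peers need security level 0; weak suites must still be excluded by the cipher list */` would keep a later reader from copying the line to other listeners. Using `*childargs` as the port-25 test is a convention of how the daemon is launched rather than a check of the port, so a submission listener started without a child program would silently get the relaxed settings too. The return value of `SSL_CTX_set_min_proto_version()` is ignored on the same path; `if (!SSL_CTX_set_min_proto_version(ctx, ...)) { tls_err("unable to set min proto version"); return; }` would fail closed instead of continuing with the library default.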