From 0799f399b169e81bba6f6470d1bff340f83b1b42 Mon Sep 17 00:00:00 2001
From: manuel
Date: Thu, 10 Aug 2023 13:19:42 +0200
Subject: openssl: ignore unexpected EOF + only 1 session ticket
---
 qmail-remote.c | 2 ++
 1 file changed, 2 insertions(+) (limited to 'qmail-remote.c')
diff --git a/qmail-remote.c b/qmail-remote.c
index d0f2fc3..125d813 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -470,6 +470,8 @@ static int tls_init(struct ip_mx *current_mx)
 SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
 /* TLS renegotiation is possible cpu resource attack */
 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
+ /* SMTP does not suffer from truncation attacks due to its application framing */
+ SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
 /* we verify ourself below. see SSL_get_verify_result */
 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
--
cgit v1.2.3
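Review bot: The comment added above the `SSL_OP_IGNORE_UNEXPECTED_EOF` call gives the safety argument but not the condition it rests on. With this option a TCP close without close_notify is reported as a clean TLS shutdown, so truncation is harmless only if the reply reader treats EOF before a complete CRLF-terminated reply as a dropped connection, never as success. That read path is outside this hunk, and tls_init itself starts and ends outside it, so I would state the dependency in the comment, e.g. `/* safe only because EOF before a complete SMTP reply is handled as a failed connection */`. Separately, `SSL_OP_IGNORE_UNEXPECTED_EOF` was introduced in OpenSSL 3.0, so if older libraries are still a build target the call should be wrapped in `#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF` / `#endif`.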