Displaying 2 results from an estimated 2 matches for "master_service_ssl_default_setti".
2016 Nov 15
1
[PATCH] ssl: fix reference to SSLv2 and disable SSLv3
...--git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index 4a05045..6b43f6c 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -44,7 +44,11 @@ static const struct master_service_ssl_settings master_service_ssl_default_setti
.ssl_key = "",
.ssl_key_password = "",
.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
- .ssl_protocols = "!SSLv2",
+#ifdef SSL_TXT_SSLV2
+ .ssl_protocols = "!SSLv2 !SSLv3",
+#else
+ .ssl_protocols = "!SSLv3",
+#endif
.ssl_cert_u...
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients