2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...le
security for AES-256 cipher suites.
diff -r 1fbac590b9d4 -r ccd83f38e4b4 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Fri Jun 28 19:48:37 2013 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Sat Jul 06 14:46:16 2013 +1000
@@ -119,6 +119,10 @@
const struct master_service_ssl_settings *ssl_set);
static void ssl_server_context_deinit(struct ssl_server_context **_ctx);
+static void ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
+ const struct master_service_ssl_settings *set);
+static int ssl_proxy_ctx_get_pkey_ec_curve_name(const s...
2016 Nov 15
1
[PATCH] ssl: fix reference to SSLv2 and disable SSLv3
...!LOW:!SSLv2:!EXP:!aNULL
diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index 4a05045..6b43f6c 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -44,7 +44,11 @@ static const struct master_service_ssl_settings master_service_ssl_default_setti
.ssl_key = "",
.ssl_key_password = "",
.ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
- .ssl_protocols = "!SSLv2",
+#ifdef SSL_TXT_SSLV2
+ .ssl_protocols = "!SSLv2 !SSLv3",
+#else
+ .ssl_protocols = "!S...
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
...-service-ssl-settings.c | 2 ++
src/lib-master/master-service-ssl-settings.h | 1 +
src/login-common/ssl-proxy-openssl.c | 15 ++++++++++++++-
4 files changed, 18 insertions(+), 1 deletion(-)
--- a/src/config/all-settings.c
+++ b/src/config/all-settings.c
@@ -308,6 +308,7 @@ struct master_service_ssl_settings {
const char *ssl_cert_username_field;
const char *ssl_crypto_device;
const char *ssl_options;
+ const char *ssl_lowest_version;
bool ssl_verify_client_cert;
bool ssl_require_crl;
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -2...
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...+ ret = SSL_CTX_load_verify_locations(ssl_ctx, ca, NULL);
+ }
+ if (!ret) {
+ i_fatal("SSL_CTX_load_verify_locations() failed: %s", ssl_last_error());
}
- sk_X509_INFO_pop_free(inf, X509_INFO_free);
}
-static STACK_OF(X509_NAME) *
-ssl_proxy_ctx_init(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set,
- bool load_xnames)
+static void
+ssl_proxy_ctx_init(SSL_CTX *ssl_ctx, const struct master_service_ssl_settings *set)
{
- X509_STORE *store;
- STACK_OF(X509_NAME) *xnames = NULL;
-
/* enable all SSL workarounds, except empty fragments as it
makes SSL more vulnerable against attack...
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients
2020 Sep 24
3
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
...",
set->ciphersuites, openssl_iostream_error());
return -1;
}
}
#endif
...
suggests that ciphersuite support exists.
bug, checking in
./src/lib-master/master-service-ssl.c
...
void master_service_ssl_ctx_init(struct master_service *service)
{
const struct master_service_ssl_settings *set;
struct ssl_iostream_settings ssl_set;
const char *error;
if (service->ssl_ctx_initialized)
return;
service->ssl_ctx_initialized = TRUE;
/* must be called after master_service_init_finish() so that if
initialization fails we can close the SSL listeners */
i_ass...