authorSam Varshavchik2014-10-15 20:42:02 -0400
committerSam Varshavchik2014-10-15 20:42:02 -0400
commit9205c02c97e2838ee9e20967d585ffdfa113b151 (patch)
treeec8763387c1533ff9d2df8e24d17fd64b475be47
parent28ae4ee8a5a4a39cf262dd9aa1916e51d2c83bfa (diff)
tcpd/libcouriertls.c: disable SSLv3
-rw-r--r--imap/ChangeLog5
-rw-r--r--tcpd/libcouriertls.c2
2 files changed, 6 insertions, 1 deletions
diff --git a/imap/ChangeLog b/imap/ChangeLog
index 8f14791..e08cdd2 100644
--- a/imap/ChangeLog
+++ b/imap/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-15 Rob Austein <sra@hactrn.net>
+
+ * libs/tcpd/libcouriertls.c (tls_create): Set SSL_OP_NOSSLv3 flag,
+ to disable SSL3 support.
+
2014-10-11 Sam Varshavchik <mrsam@courier-mta.com>
* mkdhparams: TLS_DHPARAMS environmnt variable overrides default
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 6ca874e..1f5b0b2 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -545,7 +545,7 @@ SSL_CTX *tls_create(int isserver, const struct tls_info *info)
if (!method)
{
method=SSLv23_method();
- options|=SSL_OP_NO_SSLv2;
+ options|=SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
}
ctx=SSL_CTX_new(method);
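Review bot: The new `SSL_OP_NO_SSLv3` bit is set only inside the `if (!method)` fallback, so it covers the `SSLv23_method()` auto-negotiation case and nothing else visible in this hunk. If code earlier in `tls_create` (which starts outside the hunk) can assign an SSLv3-specific method from configuration, that path would still offer SSLv3 even though the ChangeLog entry says SSL3 support is disabled; this should be confirmed, and the setting either rejected or documented as an explicit opt-in. A short comment above the assignment would record the intent, e.g. `/* SSLv23_method() negotiates any version; mask SSLv2 and SSLv3 so only TLS is offered */`. The hunk also does not show where `options` is applied to `ctx`, so it is worth checking that the `SSL_CTX_set_options()` call runs after `SSL_CTX_new()` on every path.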