| author | Sam Varshavchik | 2015-05-22 07:14:27 -0400 | 
|---|---|---|
| committer | Sam Varshavchik | 2015-05-22 07:14:27 -0400 | 
| commit | d4d0683714b8d6ec02c9db26cc7e371a1dde0269 (patch) | |
| tree | 9fb4f3ecc6cb29bb128b9a6a49d436cae4e5577f | |
| parent | 88e64590c753a109f263186706b6458e486a7c14 (diff) | |
| download | courier-libs-d4d0683714b8d6ec02c9db26cc7e371a1dde0269.tar.bz2 | |
Drop SSLV3
| -rw-r--r-- | imap/ChangeLog | 4 | ||||
| -rw-r--r-- | imap/imapd-ssl.dist.in.git | 4 | ||||
| -rw-r--r-- | imap/pop3d-ssl.dist.in.git | 2 | ||||
| -rw-r--r-- | tcpd/libcouriertls.c | 8 | 
4 files changed, 11 insertions, 7 deletions
| diff --git a/imap/ChangeLog b/imap/ChangeLog index 95e020f..7730955 100644 --- a/imap/ChangeLog +++ b/imap/ChangeLog @@ -1,3 +1,7 @@ +2015-05-22  Sam Varshavchik  <mrsam@courier-mta.com> + +	* Drop SSLv3 from TLS_CIPHER_LIST. +  4.16.1  2015-04-25  Giovanni Bechis <giovanni@openbsd.org> diff --git a/imap/imapd-ssl.dist.in.git b/imap/imapd-ssl.dist.in.git index b0d68bc..7fede5d 100644 --- a/imap/imapd-ssl.dist.in.git +++ b/imap/imapd-ssl.dist.in.git @@ -155,7 +155,7 @@ COURIERTLS=@bindir@/couriertls  #  # OpenSSL:  # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"  #  # GnuTLS:  # @@ -192,7 +192,7 @@ COURIERTLS=@bindir@/couriertls  #  # OpenSSL:  # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"  #  # diff --git a/imap/pop3d-ssl.dist.in.git b/imap/pop3d-ssl.dist.in.git index 9e81ee8..89d6e7d 100644 --- a/imap/pop3d-ssl.dist.in.git +++ b/imap/pop3d-ssl.dist.in.git @@ -140,7 +140,7 @@ COURIERTLS=@bindir@/couriertls  #  # OpenSSL:  # -# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH" +# TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"  #  # GnuTLS:  # diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c index 886e27e..2fe6ed1 100644 --- a/tcpd/libcouriertls.c +++ b/tcpd/libcouriertls.c @@ -173,7 +173,7 @@ static int verifypeer(const struct tls_info *info, SSL *ssl)  		}  	} -	 +  	nentries=0;  	if (subj)  		nentries=X509_NAME_entry_count(subj); 
@@ -569,7 +569,7 @@ SSL_CTX *tls_create(int isserver, const struct tls_info *info)  	SSL_CTX_set_options(ctx, options);  	if (!ssl_cipher_list) -		ssl_cipher_list="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"; +		ssl_cipher_list="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH";  	SSL_CTX_set_cipher_list(ctx, ssl_cipher_list);  	SSL_CTX_set_timeout(ctx, session_timeout); @@ -1313,13 +1313,13 @@ static void dump_x509(X509 *x509,  		dlen=ASN1_STRING_length(d);  		ddata=ASN1_STRING_data(d); -	 +  		(*dump_func)("   ", -1, dump_arg);  		(*dump_func)(obj_name, -1, dump_arg);  		(*dump_func)("=", 1, dump_arg);  		(*dump_func)((const char *)ddata, dlen, dump_arg);  		(*dump_func)("\n", 1, dump_arg); -		 +  	}  	(*dump_func)("\n", 1, dump_arg); | 
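Review bot: In the tls_create hunk, dropping the `SSLv3` keyword from the default `ssl_cipher_list` only changes which cipher suites are offered, not which protocol versions are accepted. In an OpenSSL cipher string, `SSLv3` and `TLSv1` select suites by the protocol version that introduced them, and `HIGH` may bring the same suites back in. Whether an SSLv3 handshake is still possible depends on the `options` value passed to `SSL_CTX_set_options(ctx, options)` just above, which is computed outside this hunk, so it is worth confirming that it always carries `SSL_OP_NO_SSLv3`. The return value of `SSL_CTX_set_cipher_list()` is also ignored, so a list that matches no cipher (presumably possible when the value comes from configuration) fails silently; a check such as `if (!SSL_CTX_set_cipher_list(ctx, ssl_cipher_list)) { /* report and fail */ }` would surface it. The same caveat applies to the commented `TLS_CIPHER_LIST` defaults changed in imap/imapd-ssl.dist.in.git and imap/pop3d-ssl.dist.in.git, and tls_create's body starts and ends outside the hunk.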
