Diffstat (limited to 'tcpd')
| -rw-r--r-- | tcpd/libcouriertls.c | 6 | ||||
| -rw-r--r-- | tcpd/starttls.c | 17 | 
2 files changed, 22 insertions, 1 deletions
|
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 39c7d49..7c42f19 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -67,11 +67,15 @@ struct proto_ops {
 #define SSL_OP_NO_RENEGOTIATION 0
 #endif
+#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE
+#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
+#endif
+
 struct proto_ops op_list[] =
 {
 #ifdef SSL_OP_NO_TLSv1
 #ifdef SSL_OP_NO_TLSv1_1
-    { "TLSv1.2++", &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION },
+    { "TLSv1.2++", &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_RENEGOTIATION|SSL_OP_CIPHER_SERVER_PREFERENCE},
     { "TLSv1.2+",  &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
     { "TLSv1.2",   &SSLv23_method,  SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 },
 #endif
diff --git a/tcpd/starttls.c b/tcpd/starttls.c
index 76fcf3b..6e6229b 100644
--- a/tcpd/starttls.c
+++ b/tcpd/starttls.c
@@ -20,6 +20,7 @@
 #include	<stdlib.h>
 #include	<ctype.h>
 #include	<netdb.h>
+#include	<signal.h>
 #if HAVE_DIRENT_H
 #include <dirent.h>
 #define NAMLEN(dirent) strlen((dirent)->d_name)
@@ -526,6 +527,21 @@ static int connect_completed(ssl_handle ssl, int fd)
 	return (1);
 }
+static void child_handler()
+{
+	alarm(10);
+}
+
+static void trapexit()
+{
+	struct sigaction sa;
+
+	memset(&sa, 0, sizeof(sa));
+
+	sa.sa_handler=child_handler;
+	sigaction(SIGCHLD, &sa, NULL);
+}
+
 static int dossl(int fd, int argn, int argc, char **argv)
 {
 	ssl_context ctx;
@@ -563,6 +579,7 @@ static int dossl(int fd, int argn, int argc, char **argv)
 	}
 	startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);
+	trapexit();
 	if (username)
 		libmail_changeusername(username, 0);
|
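Review bot: The `#define SSL_OP_CIPHER_SERVER_PREFERENCE 0` fallback turns the new flag in the "TLSv1.2++" entry into a silent no-op when the TLS library headers do not define it, so such a build still offers TLSv1.2++ without enforcing the server's cipher order. A comment at the fallback would make that visible, for example `/* Library lacks this option: server cipher preference is NOT enforced */`. It is also undocumented why only "TLSv1.2++" receives the flag while the "TLSv1.2+" and "TLSv1.2" entries keep their previous option sets; a one-line comment above the table entry would record the intent. The op_list initializer continues outside the hunk.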
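Review bot: In trapexit() `sa.sa_flags` stays 0 after the memset, so SIGCHLD is delivered when the child is stopped as well as when it exits, and child_handler() then arms `alarm(10)`. No SIGALRM handler is visible in this diff, so presumably the default action ends the process ten seconds later even if the client was only stopped; adding `sa.sa_flags=SA_NOCLDSTOP;` restricts the handler to child termination. The handler should also carry the signature sigaction expects, `static void child_handler(int signum)`, with trapexit declared as `static void trapexit(void)`. A short comment on child_handler stating why the process is given ten seconds after the child exits would help the next reader.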
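Review bot: `trapexit();` runs after `startclient(...)`, so a client that exits before the handler is installed has its SIGCHLD discarded under the default disposition and the ten second alarm is never armed. startclient's body is not in this diff; assuming it forks the client, calling `trapexit();` on the line before `startclient(argn, argc, argv, fd, &stdin_fd, &stdout_fd);` closes that window. The return value of sigaction() inside trapexit() is also ignored, so a failed install goes unnoticed. dossl's body starts and ends outside the hunk.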
