[exim-cvs] New openssl_options items: no_sslv2 no_sslv3 no_t…

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
Gitweb: http://git.exim.org/exim.git/commitdiff/c0c7b2dab3cf3ecba52430cd61d52f0463aa0eb1
Commit:     c0c7b2dab3cf3ecba52430cd61d52f0463aa0eb1
Parent:     754a0503134b184183f64c04ed30a3524fc3860b
Author:     Phil Pennock <pdp@???>
AuthorDate: Tue Mar 22 08:35:54 2011 -0400
Committer:  Phil Pennock <pdp@???>
CommitDate: Tue Mar 22 08:35:54 2011 -0400


    New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1


    (no changes to any defaults).
---
 doc/doc-txt/ChangeLog |    2 ++
 src/src/tls-openssl.c |   14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 8200163..14dac29 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -11,6 +11,8 @@ PP/01 The new ldap_require_cert option would segfault if used.  Fixed.
 PP/02 Harmonised TLS library version reporting; only show if debugging.
       Layout now matches that introduced for other libraries in 4.74 PP/03.


+PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
+

Exim version 4.75
-----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e9628ba..9a37990 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1180,7 +1180,7 @@ all options unless explicitly for DTLS, let the administrator choose which
to apply.

This list is current as of:
- ==> 0.9.8n <== */
+ ==> 1.0.0c <== */
static struct exim_openssl_option exim_openssl_options[] = {
/* KEEP SORTED ALPHABETICALLY! */
#ifdef SSL_OP_ALL
@@ -1219,6 +1219,18 @@ static struct exim_openssl_option exim_openssl_options[] = {
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
{ US"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
#endif
+#ifdef SSL_OP_NO_SSLv2
+ { US"no_sslv2", SSL_OP_NO_SSLv2 },
+#endif
+#ifdef SSL_OP_NO_SSLv3
+ { US"no_sslv3", SSL_OP_NO_SSLv3 },
+#endif
+#ifdef SSL_OP_NO_TICKET
+ { US"no_ticket", SSL_OP_NO_TICKET },
+#endif
+#ifdef SSL_OP_NO_TLSv1
+ { US"no_tlsv1", SSL_OP_NO_TLSv1 },
+#endif
#ifdef SSL_OP_SINGLE_DH_USE
{ US"single_dh_use", SSL_OP_SINGLE_DH_USE },
#endif