From c0c7b2dab3cf3ecba52430cd61d52f0463aa0eb1 Mon Sep 17 00:00:00 2001
From: Phil Pennock
Date: Tue, 22 Mar 2011 08:35:54 -0400
Subject: [PATCH] New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 (no changes to any defaults).
---
 doc/doc-txt/ChangeLog | 2 ++
 src/src/tls-openssl.c | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 820016310..14dac2946 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -11,6 +11,8 @@ PP/01 The new ldap_require_cert option would segfault if used. Fixed.
 PP/02 Harmonised TLS library version reporting; only show if debugging. Layout now matches that introduced for other libraries in 4.74 PP/03.
+PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
+
 Exim version 4.75
 -----------------
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e9628ba29..9a3799085 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1180,7 +1180,7 @@ all options unless explicitly for DTLS, let the administrator choose which
 to apply. This list is current as of:
- ==> 0.9.8n <== */
+ ==> 1.0.0c <== */
 static struct exim_openssl_option exim_openssl_options[] = {
 /* KEEP SORTED ALPHABETICALLY! */
 #ifdef SSL_OP_ALL
@@ -1219,6 +1219,18 @@ static struct exim_openssl_option exim_openssl_options[] = {
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
 { US"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
 #endif
+#ifdef SSL_OP_NO_SSLv2
+ { US"no_sslv2", SSL_OP_NO_SSLv2 },
+#endif
+#ifdef SSL_OP_NO_SSLv3
+ { US"no_sslv3", SSL_OP_NO_SSLv3 },
+#endif
+#ifdef SSL_OP_NO_TICKET
+ { US"no_ticket", SSL_OP_NO_TICKET },
+#endif
+#ifdef SSL_OP_NO_TLSv1
+ { US"no_tlsv1", SSL_OP_NO_TLSv1 },
+#endif
 #ifdef SSL_OP_SINGLE_DH_USE
 { US"single_dh_use", SSL_OP_SINGLE_DH_USE },
 #endif
-- 
2.25.1
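Review bot: The four entries added in the second tls-openssl.c hunk (`@@ -1219,6 +1219,18 @@`) have no comment saying what they switch off. `no_sslv2`, `no_sslv3` and `no_tlsv1` each disable a whole protocol version, and `no_ticket` disables session tickets. The commit message says no defaults change, so SSLv2 presumably remains negotiable until an administrator sets `no_sslv2`; that depends on defaults not shown here and belongs in the openssl_options documentation, which this commit touches only through the ChangeLog. Each entry is behind its own `#ifdef`, so a name disappears from the table when the build's OpenSSL headers lack the macro, and how the option parser treats an unknown name is not visible in this hunk. I would add above the group `/* Protocol-version and session-ticket switches; each is present only if the build's OpenSSL headers define the macro. */`. The table initializer starts and ends outside the hunk.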