You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

36 lines
1.3 KiB

  1. Description: Add TLSv1.1 and TLSv1.2 support
  2. Origin: vendor
  3. Bug-Debian: https://bugs.debian.org/802658
  4. Forwarded: yes
  5. Author: Salvatore Bonaccorso <carnil@debian.org>
  6. Last-Update: 2015-11-07
  7. --- a/smtp-tls.c
  8. +++ b/smtp-tls.c
  9. @@ -202,11 +202,24 @@ starttls_create_ctx (smtp_session_t sess
  10. ckf_t status;
  11. /* The decision not to support SSL v2 and v3 but instead to use only
  12. - TLSv1 is deliberate. This is in line with the intentions of RFC
  13. + TLSv1.X is deliberate. This is in line with the intentions of RFC
  14. 3207. Servers typically support SSL as well as TLS because some
  15. versions of Netscape do not support TLS. I am assuming that all
  16. currently deployed servers correctly support TLS. */
  17. - ctx = SSL_CTX_new (TLSv1_client_method ());
  18. +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
  19. + !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
  20. + ctx = SSL_CTX_new (TLS_client_method ());
  21. +#else
  22. + ctx = SSL_CTX_new (SSLv23_client_method ());
  23. +#endif
  24. +
  25. +#ifdef OPENSSL_NO_SSL3
  26. + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
  27. +#endif
  28. +
  29. +#ifdef OPENSSL_NO_SSL2
  30. + SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
  31. +#endif
  32. /* Load our keys and certificates. To avoid messing with configuration
  33. variables etc, use fixed paths for the certificate store. These are