/[smeserver]/rpms/qpsmtpd/sme9/qpsmtpd-0.84-allow_tls_proto_from_config.patch
ViewVC logotype

Annotation of /rpms/qpsmtpd/sme9/qpsmtpd-0.84-allow_tls_proto_from_config.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Thu Jan 7 18:08:47 2016 UTC (8 years, 4 months ago) by vip-ire
Branch: MAIN
CVS Tags: qpsmtpd-0_96-5_el6_sme, qpsmtpd-0_96-1_el6_sme, qpsmtpd-0_96-6_el6_sme, qpsmtpd-0_96-8_el6_sme, qpsmtpd-0_96-7_el6_sme, qpsmtpd-0_96-2_el6_sme, qpsmtpd-0_96-4_el6_sme, qpsmtpd-0_96-3_el6_sme, qpsmtpd-0_96-10_el6_sme, qpsmtpd-0_96-11_el6_sme, qpsmtpd-0_84-18_el6_sme, qpsmtpd-0_96-9_el6_sme, HEAD 
* Thu Jan 7 2016 Daniel Berteaud <daniel@firewall-services.com> 0.84-18.sme
- Allow reading SSL_version from the tls_protocols config file (and turn
  TLSv1 back on by default) [SME: 9162]
1 vip-ire 1.1 diff -Nur qpsmtpd-0.84/plugins/tls qpsmtpd-0.84_bz9162/plugins/tls
2     --- qpsmtpd-0.84/plugins/tls 2016-01-07 18:52:04.588735630 +0100
3     +++ qpsmtpd-0.84_bz9162/plugins/tls 2016-01-07 18:56:14.294727154 +0100
4     @@ -57,6 +57,14 @@
5     and put a suitable string in config/tls_ciphers (e.g. "DEFAULT" or
6     "HIGH:MEDIUM")
7    
8     +=head1 SSL/TLS protocols versions
9     +
10     +By default, SSLv2 and SSLv3 are not accepted, leaving only TLSv1,
11     +TLSv1.1 or TLSv1.2 enabled. You can customize this in config/tls_protocols
12     +For example, this will also disabled TLSv1, leaving only TLSv1.1 and TLSv1.2
13     +
14     +SSLv23:!SSLv2:!SSLv3:!TLSv1
15     +
16     =cut
17    
18     use IO::Socket::SSL 0.98; # qw(debug1 debug2 debug3 debug4);
19     @@ -74,6 +82,7 @@
20     $self->tls_key($key);
21     $self->tls_ca($ca);
22     $self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH');
23     + $self->tls_protocols($self->qp->config('tls_protocols') || 'SSLv23:!SSLv2:!SSLv3');
24    
25     Qpsmtpd->varlog(LOGINFO, "init", "tls", "ciphers: ".$self->tls_ciphers);
26    
27     @@ -84,7 +93,7 @@
28     SSL_key_file => $self->tls_key,
29     SSL_ca_file => $self->tls_ca,
30     SSL_cipher_list => $self->tls_ciphers,
31     - SSL_version => 'SSLv23:!SSLv2:!SSLv3:!TLSv1',
32     + SSL_version => $self->tls_protocols,
33     SSL_server => 1
34     ) or die "Could not create SSL context: $!";
35     # now extract the password...
36     @@ -203,7 +212,7 @@
37     SSL_key_file => $self->tls_key,
38     SSL_ca_file => $self->tls_ca,
39     SSL_cipher_list => $self->tls_ciphers,
40     - SSL_version => 'SSLv23:!SSLv2:!SSLv3:!TLSv1',
41     + SSL_version => $self->tls_protocols,
42     SSL_server => 1,
43     SSL_reuse_ctx => $self->ssl_context,
44     ) or die "Could not create SSL socket: $!";
45     @@ -260,6 +269,12 @@
46     $self->{_tls_ciphers};
47     }
48    
49     +sub tls_protocols {
50     + my $self = shift;
51     + @_ and $self->{_tls_protocols} = shift;
52     + $self->{_tls_protocols};
53     +}
54     +
55     sub ssl_context {
56     my $self = shift;
57     @_ and $self->{_ssl_ctx} = shift;
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed