
Contents of /rpms/qpsmtpd/sme9/qpsmtpd-0.95-allow_tls_proto_from_conf.patch



Revision 1.1 - (show annotations) (download)
Fri May 6 19:58:07 2016 UTC (8 years ago) by vip-ire
Branch: MAIN
CVS Tags: qpsmtpd-0_96-5_el6_sme, qpsmtpd-0_96-1_el6_sme, qpsmtpd-0_96-6_el6_sme, qpsmtpd-0_96-8_el6_sme, qpsmtpd-0_96-7_el6_sme, qpsmtpd-0_96-2_el6_sme, qpsmtpd-0_96-4_el6_sme, qpsmtpd-0_96-3_el6_sme, qpsmtpd-0_96-10_el6_sme, qpsmtpd-0_96-11_el6_sme, qpsmtpd-0_96-9_el6_sme, HEAD
Update to 0.96

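--- a/plugins/tls
+++ b/plugins/tls
@@ -62,6 +62,14 @@
 and put a suitable string in config/tls_ciphers (e.g. "DEFAULT" or
 "HIGH:MEDIUM")
 
+=head1 SSL/TLS protocols versions
+
+By default, SSLv2 and SSLv3 are not accepted, leaving only TLSv1,
+TLSv1.1 or TLSv1.2 enabled. You can customize this in config/tls_protocols
+For example, this will also disabled TLSv1, leaving only TLSv1.1 and TLSv1.2
+
+SSLv23:!SSLv2:!SSLv3:!TLSv1
+
 =cut
 
 use strict;
@@ -94,6 +102,7 @@
 $self->tls_ca($ca);
 $self->tls_dhparam($dhparam);
 $self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH');
+ $self->tls_protocols($self->qp->config('tls_protocols') || 'SSLv23:!SSLv2:!SSLv3');
 
 $self->log(LOGDEBUG, "ciphers: " . $self->tls_ciphers);
 
@@ -102,7 +111,7 @@
 IO::Socket::SSL::SSL_Context->new(
 # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
 # the default in sufficiently recent versions of IO::Socket::SSL
- SSL_version => 'SSLv23:!SSLv3:!SSLv2',
+ SSL_version => $self->tls_protocols,
 SSL_use_cert => 1,
 SSL_cert_file => $self->tls_cert,
 SSL_key_file => $self->tls_key,
@@ -226,6 +235,7 @@
 my $tlssocket =
 IO::Socket::SSL->new_from_fd(
 fileno(STDIN), '+>',
+ SSL_version => $self->tls_protocols,
 SSL_use_cert => 1,
 SSL_cert_file => $self->tls_cert,
 SSL_key_file => $self->tls_key,
@@ -286,6 +296,12 @@
 $self->{_tls_ciphers};
 }
 
+sub tls_protocols {
+ my $self = shift;
+ @_ and $self->{_tls_protocols} = shift;
+ $self->{_tls_protocols};
+}
+
 sub ssl_context {
 my $self = shift;
 @_ and $self->{_ssl_ctx} = shift;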
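Review bot: Whatever is in config/tls_protocols replaces the built-in `SSLv23:!SSLv2:!SSLv3` outright at `$self->tls_protocols($self->qp->config('tls_protocols') || ...)`, so a line that omits `!SSLv2:!SSLv3` re-enables the POODLE-affected protocols and nothing validates or records it. The comment kept above `SSL_version => $self->tls_protocols` in the SSL_Context hunk still promises that SSLv2 and SSLv3 are disabled, which now holds only for the default; reword it to `# Protocols come from config/tls_protocols; the default disables SSLv2 and SSLv3 (POODLE)`. Next to the existing ciphers debug line, add `$self->log(LOGDEBUG, "protocols: " . $self->tls_protocols);` so the effective setting is visible, and the POD should state that the exclusions have to be repeated in the file. How IO::Socket::SSL handles an unparsable value is not visible here and is worth checking, since both the context and the `new_from_fd` call now take the string unchecked. The surrounding init code and both constructor calls start and end outside the hunks.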
