From: Marco Bettini <marco.bettini@open-xchange.com>
Date: Wed, 16 Mar 2022 10:53:25 +0000 (+0000)
Subject: lib-master: master_service_ssl_settings_check(): Raise warning when ssl_min_protocol... 
X-Git-Tag: 2.4.0~4253
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95b2206ccecd79d28da79fcb6a85d1dd301aad08;p=thirdparty%2Fdovecot%2Fcore.git

lib-master: master_service_ssl_settings_check(): Raise warning when ssl_min_protocol contains ANY
---

diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index 5ddf18cc8a..25c214890a 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -145,7 +145,15 @@ master_service_ssl_settings_check(void *_set, pool_t pool ATTR_UNUSED,
 		*error_r = "ssl enabled, but ssl_key not set";
 		return FALSE;
 	}
+
+	T_BEGIN {
+		const char *proto = t_str_ucase(set->ssl_min_protocol);
+		if (strstr(proto, "ANY") != NULL)
+			i_warning("ssl_min_protocol=ANY is used - This is "
+					"insecure and intended only for testing");
+	} T_END;
 #endif
+
 	if (set->ssl_verify_client_cert && *set->ssl_ca == '\0') {
 		*error_r = "ssl_verify_client_cert set, but ssl_ca not";
 		return FALSE;