login: Use SSLv23_server_method() after all.

It appears to be the only method that supports both SSLv3 and TLSv1
connections, without breaking the other one.

--HG--
branch : HEAD

diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c
index c520212f3db7e9b689226566aa86aa4013e44a72..5be6f9e5874542a726591f56f24ab37647c4f841 100644 (file)
--- a/src/login-common/ssl-proxy-openssl.c
+++ b/src/login-common/ssl-proxy-openssl.c
@@ -1098,7 +1098,7 @@ ssl_server_context_init(const struct login_settings *set)
        ctx->cipher_list = p_strdup(pool, set->ssl_cipher_list);
        ctx->verify_client_cert = set->ssl_verify_client_cert;
 
-       ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv3_server_method());
+       ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());
        if (ssl_ctx == NULL)
                i_fatal("SSL_CTX_new() failed");
        xnames = ssl_proxy_ctx_init(ssl_ctx, set);