From: Timo Sirainen Date: Tue, 2 Feb 2010 12:16:50 +0000 (+0200) Subject: login: Use SSLv23_server_method() after all. X-Git-Tag: 2.0.beta3~173 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b2311d3a32f430ad6ea9ea2ad6a446beb7006e4f;p=thirdparty%2Fdovecot%2Fcore.git login: Use SSLv23_server_method() after all. It appears to be the only method that supports both SSLv3 and TLSv1 connections, without breaking the other one. --HG-- branch : HEAD --- diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c index c520212f3d..5be6f9e587 100644 --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -1098,7 +1098,7 @@ ssl_server_context_init(const struct login_settings *set) ctx->cipher_list = p_strdup(pool, set->ssl_cipher_list); ctx->verify_client_cert = set->ssl_verify_client_cert; - ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv3_server_method()); + ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ssl_ctx == NULL) i_fatal("SSL_CTX_new() failed"); xnames = ssl_proxy_ctx_init(ssl_ctx, set);