From b2311d3a32f430ad6ea9ea2ad6a446beb7006e4f Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Tue, 2 Feb 2010 14:16:50 +0200 Subject: [PATCH] login: Use SSLv23_server_method() after all. It appears to be the only method that supports both SSLv3 and TLSv1 connections, without breaking the other one. --HG-- branch : HEAD --- src/login-common/ssl-proxy-openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login-common/ssl-proxy-openssl.c b/src/login-common/ssl-proxy-openssl.c index c520212f3d..5be6f9e587 100644 --- a/src/login-common/ssl-proxy-openssl.c +++ b/src/login-common/ssl-proxy-openssl.c @@ -1098,7 +1098,7 @@ ssl_server_context_init(const struct login_settings *set) ctx->cipher_list = p_strdup(pool, set->ssl_cipher_list); ctx->verify_client_cert = set->ssl_verify_client_cert; - ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv3_server_method()); + ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ssl_ctx == NULL) i_fatal("SSL_CTX_new() failed"); xnames = ssl_proxy_ctx_init(ssl_ctx, set); -- 2.47.3