# HG changeset patch
# User Timo Sirainen <tss@iki.fi>
# Date 1265113010 -7200
# Node ID b0239838bdfed5e2d21221e1ef71a345fb0c721b
# Parent  a07a699b383130115fecffaa5922dc6026be6205
login: Use SSLv23_server_method() after all.
It appears to be the only method that supports both SSLv3 and TLSv1
connections, without breaking the other one.

diff -r a07a699b3831 -r b0239838bdfe src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Mon Feb 01 20:03:58 2010 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Feb 02 14:16:50 2010 +0200
@@ -1098,7 +1098,7 @@
 	ctx->cipher_list = p_strdup(pool, set->ssl_cipher_list);
 	ctx->verify_client_cert = set->ssl_verify_client_cert;
 
-	ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv3_server_method());
+	ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 	if (ssl_ctx == NULL)
 		i_fatal("SSL_CTX_new() failed");
 	xnames = ssl_proxy_ctx_init(ssl_ctx, set);