changeset 1996:d8f06a0c818e HEAD
Added ssl_cipher_list setting.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 10 May 2004 04:55:41 +0300 |
parents | cc64f8bb4716 |
children | 1d0985f6bdd9 |
files | dovecot-example.conf src/login-common/ssl-proxy-openssl.c src/master/login-process.c src/master/master-settings.c src/master/master-settings.h |
diffstat | 5 files changed, 17 insertions(+), 4 deletions(-) [+] |
--- a/dovecot-example.conf Mon May 10 04:47:08 2004 +0300
+++ b/dovecot-example.conf Mon May 10 04:55:41 2004 +0300
@@ -43,6 +43,9 @@
 # entirely.
 #ssl_parameters_regenerate = 24
 
+# SSL ciphers to use
+#ssl_cipher_list = all:!low
+
 # Disable LOGIN command and all other plaintext authentications unless
 # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and
 # IPv6 ::1 addresses are considered secure, this setting has no effect if
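Review bot: The example value `all:!low` is spelled in lower case while the built-in default in ssl-proxy-openssl.c is `ALL:!LOW`; OpenSSL documents its cipher-string aliases in upper case, and if the OpenSSL build in use matches them case-sensitively, an administrator who uncomments this line as-is would hit the fatal "Can't set cipher list" error at login-process startup. Using the same spelling as the code default, `#ssl_cipher_list = ALL:!LOW`, removes the doubt. The comment line could also say what kind of value is expected and what happens when the setting is left out, e.g. `# SSL ciphers to use (OpenSSL cipher string). Unset = built-in default ALL:!LOW`.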
--- a/src/login-common/ssl-proxy-openssl.c Mon May 10 04:47:08 2004 +0300
+++ b/src/login-common/ssl-proxy-openssl.c Mon May 10 04:55:41 2004 +0300
@@ -15,7 +15,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
-#define SSL_CIPHER_LIST "ALL:!LOW"
+#define DOVECOT_SSL_DEFAULT_CIPHER_LIST "ALL:!LOW"
 
 enum ssl_io_action {
 	SSL_ADD_INPUT,
@@ -403,7 +403,7 @@
 
 void ssl_proxy_init(void)
 {
-	const char *cafile, *certfile, *keyfile, *paramfile;
+	const char *cafile, *certfile, *keyfile, *paramfile, *cipher_list;
 	char buf;
 
 	cafile = getenv("SSL_CA_FILE");
@@ -424,9 +424,12 @@
 
 	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
 
-	if (SSL_CTX_set_cipher_list(ssl_ctx, SSL_CIPHER_LIST) != 1) {
+	cipher_list = getenv("SSL_CIPHER_LIST");
+	if (cipher_list == NULL)
+		cipher_list = DOVECOT_SSL_DEFAULT_CIPHER_LIST;
+	if (SSL_CTX_set_cipher_list(ssl_ctx, cipher_list) != 1) {
 		i_fatal("Can't set cipher list to '%s': %s",
-			SSL_CIPHER_LIST, ssl_last_error());
+			cipher_list, ssl_last_error());
 	}
 
 	if (cafile != NULL) {
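Review bot: In the third hunk a blank `SSL_CIPHER_LIST` value (the variable present but empty) is passed straight to SSL_CTX_set_cipher_list() instead of falling back to the default, because the new check only tests for NULL; OpenSSL reports an error for a list that selects no ciphers, so if the settings parser stores a blank `ssl_cipher_list` as "" rather than NULL, the login process would die in i_fatal at startup. If a blank setting is meant to mean "use the default", `if (cipher_list == NULL || *cipher_list == '\0')` covers both cases; a genuinely malformed value should keep failing hard rather than silently using the built-in list, so the i_fatal path itself is right. The renamed DOVECOT_SSL_DEFAULT_CIPHER_LIST in the first hunk keeps "ALL:!LOW", and a one-line comment saying this is an OpenSSL cipher string that still admits whatever "ALL" minus "LOW" covers in the linked OpenSSL (presumably including export-grade suites in versions of this era) would help an administrator decide whether to override it. ssl_proxy_init() starts in the second hunk and its body continues past the end of the third.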
--- a/src/master/login-process.c Mon May 10 04:47:08 2004 +0300
+++ b/src/master/login-process.c Mon May 10 04:55:41 2004 +0300
@@ -392,6 +392,10 @@
 				    set->ssl_key_file, NULL));
 		env_put(t_strconcat("SSL_PARAM_FILE=",
 				    set->ssl_parameters_file, NULL));
+		if (set->ssl_cipher_list != NULL) {
+			env_put(t_strconcat("SSL_CIPHER_LIST=",
+					    set->ssl_cipher_list, NULL));
+		}
 	}
 
 	if (set->disable_plaintext_auth)
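Review bot: The `SSL_CIPHER_LIST` environment variable exported here is the only link between this setting and its consumer in ssl-proxy-openssl.c, and nothing in the hunk records that contract; a comment above the new `if`, such as `/* read by ssl_proxy_init() in login-common; absent means its built-in default */`, would protect the next maintainer who renames or removes either side. The NULL guard matches the NULL default given to `ssl_cipher_list` in master-settings.c, so an unset setting leaves the variable absent instead of exporting an empty string, which is the behaviour the consumer's NULL check expects. The enclosing function starts and ends outside the hunk.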
--- a/src/master/master-settings.c Mon May 10 04:47:08 2004 +0300
+++ b/src/master/master-settings.c Mon May 10 04:55:41 2004 +0300
@@ -51,6 +51,7 @@
 	DEF(SET_STR, ssl_key_file),
 	DEF(SET_STR, ssl_parameters_file),
 	DEF(SET_STR, ssl_parameters_regenerate),
+	DEF(SET_STR, ssl_cipher_list),
 	DEF(SET_BOOL, disable_plaintext_auth),
 	DEF(SET_BOOL, verbose_ssl),
 
@@ -172,6 +173,7 @@
 	MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
 	MEMBER(ssl_parameters_file) "ssl-parameters.dat",
 	MEMBER(ssl_parameters_regenerate) 24,
+	MEMBER(ssl_cipher_list) NULL,
 	MEMBER(disable_plaintext_auth) TRUE,
 	MEMBER(verbose_ssl) FALSE,
 
--- a/src/master/master-settings.h Mon May 10 04:47:08 2004 +0300
+++ b/src/master/master-settings.h Mon May 10 04:55:41 2004 +0300
@@ -28,6 +28,7 @@
 	const char *ssl_key_file;
 	const char *ssl_parameters_file;
 	unsigned int ssl_parameters_regenerate;
+	const char *ssl_cipher_list;
 	int disable_plaintext_auth;
 	int verbose_ssl;
 