diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-22 14:55:42 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2015-02-22 14:55:42 +0000 |
| commit | 322a1df0f271d3355186ec15e994a8a878ccb30e (patch) | |
| tree | 775a7ae008b3ab6792bd09e906004a7e975cf312 /libexec | |
| parent | ae65412c26bdc7b50f00739529d3d98fefc6e07a (diff) | |
Set the TLS ciphers to "compat" mode, restoring the previous behaviour.
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/spamd/spamd.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c index 1b0e185808a..a993a8dbb16 100644 --- a/libexec/spamd/spamd.c +++ b/libexec/spamd/spamd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd.c,v 1.124 2015/02/12 04:23:17 jsing Exp $ */ +/* $OpenBSD: spamd.c,v 1.125 2015/02/22 14:55:40 jsing Exp $ */ /* * Copyright (c) 2015 Henning Brauer <henning@openbsd.org> @@ -440,10 +440,13 @@ spamd_tls_init(char *keyfile, char *certfile) errx(1, "failed to get tls config"); if ((tlsctx = tls_server()) == NULL) errx(1, "failed to get tls server"); - /* might need user-specified ciphers, tls_config_set_ciphers */ tls_config_set_protocols(tlscfg, TLS_PROTOCOLS_ALL); + /* might need user-specified ciphers, tls_config_set_ciphers */ + if (tls_config_set_ciphers(tlscfg, "compat") != 0) + errx(1, "failed to set tls ciphers"); + if (tls_config_set_cert_file(tlscfg, certfile) != 0) err(1, "could not load certificate %s", certfile); if (tls_config_set_key_file(tlscfg, keyfile) != 0) |