author | 2015-02-22 14:55:40 +0000 | |
---|---|---|
committer | 2015-02-22 14:55:40 +0000 | |
commit | c7dffc0b36ed0d33661b476790058b3a171f77cc (patch) | |
tree | 2444e314f0347768eed23ce29c433956c0772762 /libexec/spamd | |
parent | In the interests of being secure by default, make the default TLS ciphers (diff) | |
Set the TLS ciphers to "compat" mode, restoring the previous behaviour.
Diffstat (limited to 'libexec/spamd')
-rw-r--r-- | libexec/spamd/spamd.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index 1b0e185808a..a993a8dbb16 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spamd.c,v 1.124 2015/02/12 04:23:17 jsing Exp $ */
+/* $OpenBSD: spamd.c,v 1.125 2015/02/22 14:55:40 jsing Exp $ */
 /*
  * Copyright (c) 2015 Henning Brauer <henning@openbsd.org>
@@ -440,10 +440,13 @@ spamd_tls_init(char *keyfile, char *certfile)
 errx(1, "failed to get tls config");
 if ((tlsctx = tls_server()) == NULL)
 errx(1, "failed to get tls server");
- /* might need user-specified ciphers, tls_config_set_ciphers */
 tls_config_set_protocols(tlscfg, TLS_PROTOCOLS_ALL);
+ /* might need user-specified ciphers, tls_config_set_ciphers */
+ if (tls_config_set_ciphers(tlscfg, "compat") != 0)
+ errx(1, "failed to set tls ciphers");
+
 if (tls_config_set_cert_file(tlscfg, certfile) != 0)
 err(1, "could not load certificate %s", certfile);
 if (tls_config_set_key_file(tlscfg, keyfile) != 0) |
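Review bot: The comment kept in the second hunk, `/* might need user-specified ciphers, tls_config_set_ciphers */`, now sits directly above a call that hard-codes `"compat"`, so it no longer explains why this cipher list is used. Combined with `TLS_PROTOCOLS_ALL` on the line before, this is the broadest TLS setting the hunk shows, and someone auditing the configuration cannot tell from the code that it is deliberate rather than a leftover. I would reword the comment to carry the rationale and the open item, for example `/* deliberately "compat" to keep older SMTP peers working; XXX make the cipher list user-configurable */`. The rationale is inferred from the commit message ("restoring the previous behaviour") and should be confirmed by the author. spamd_tls_init begins and ends outside the hunk.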