From a2bac8cf8e9877793f29097f8a9f406087287f3f Mon Sep 17 00:00:00 2001
From: eric
Date: Fri, 2 Apr 2021 06:30:55 +0000
Subject: if cipher list is not specified for a relay action, use the global cipher list if defined. otherwise fallback to libtls default. ok millert@
---
 usr.sbin/smtpd/mta.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c
index 2da8608e3a0..4339481f0a7 100644
--- a/usr.sbin/smtpd/mta.c
+++ b/usr.sbin/smtpd/mta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta.c,v 1.236 2021/03/31 17:47:16 eric Exp $ */
+/* $OpenBSD: mta.c,v 1.237 2021/04/02 06:30:55 eric Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard
@@ -491,6 +491,7 @@ mta_setup_dispatcher(struct dispatcher *dispatcher)
 struct tls_config *config;
 struct pki *pki;
 struct ca *ca;
+ const char *ciphers;
 uint32_t protos;
 if (dispatcher->type != DISPATCHER_REMOTE)
@@ -501,8 +502,10 @@ mta_setup_dispatcher(struct dispatcher *dispatcher)
 if ((config = tls_config_new()) == NULL)
 fatal("smtpd: tls_config_new");
- if (remote->tls_ciphers &&
- tls_config_set_ciphers(config, remote->tls_ciphers) == -1)
+ ciphers = env->sc_tls_ciphers;
+ if (remote->tls_ciphers)
+ ciphers = remote->tls_ciphers;
+ if (ciphers && tls_config_set_ciphers(config, ciphers) == -1)
 err(1, "%s", tls_config_error(config));
 if (remote->tls_protocols &&
--
cgit v1.2.3-59-g8ed1b
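Review bot: The failure path under the new cipher selection in the third hunk (mta_setup_dispatcher) still calls `err(1, "%s", tls_config_error(config))`, which appends an unrelated strerror(errno) to the libtls message and differs from the `fatal()` used two lines earlier. Because a relay action with no list of its own now inherits `env->sc_tls_ciphers`, a malformed global list reaches this exit for such relay dispatchers, so the message should name the call, e.g. `fatalx("smtpd: tls_config_set_ciphers: %s", tls_config_error(config));` (confirm fatalx is available in this file). The precedence also deserves a comment above the assignment, such as `/* per-relay ciphers override the global list; with neither set, libtls defaults apply */`, since a global list chosen for inbound compatibility now governs outbound relay TLS as well. The `remote->tls_protocols` check that follows shows no matching global fallback in the visible lines; the function body continues outside the hunk, so verify whether that asymmetry is intended.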