Matus UHLAR - fantomas writes:
On 03.06.15 17:05, Matus UHLAR - fantomas wrote:
>What would be best done, is to backport TLS1_1 and TLS1_2 support to the
>version in wheezy (that should be supported for 5 years since release).
>
>
>Sam, would you find that possible?
>
>Are there any commits updating openssl and tls1+ available on github
>(or anywhere else)?

I see two commits that could help the issue, could either one help?

2014-10-15 Rob Austein <s...@hactrn.net>

* libs/tcpd/libcouriertls.c (tls_create): Set SSL_OP_NOSSLv3 flag, to disable SSL3 support.

2013-10-14 Sam Varshavchik <mr...@courier-mta.com>

* libs/tcpd/libcouriertls.c (tls_create): Add TLSv1_1_method() and TLSv1_2 method(), based on patch by Rob Austein <s...@hactrn.net>.

* courier/module.esmtp/esmtpd.dist.in, courier/module.esmtp/esmtpd-ssl.dist.in, courier/courierd.dist.in, libs/imap/pop3d-ssl.dist.in, libs/imap/imapd-ssl.dist.in: Fix up differences in the documentation of TLS options in various config files.

The entirety of the first part, and the parts of the 2nd one that apply to libcouriertls.c should have at least some of what's needed.
All the required changes will be to libcouriertls.c. So, doing a git log on libcouriertls.c, and finding the last commit that's in Debian's package, based on the datestamps, should be enough to identify all needed changes. The last two patches may not be enough; there have been a few other changes to libcouriertls.c in the last year or so, and if the Debian package is so old it may need those two.
However, in all cases, only the changes to libcouriertls.c will need to be looked at. This code is fairly isolated.
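The procedure described in the reply above (a git log restricted to libcouriertls.c, cut off at the datestamp of the packaged version), as an added example that is not part of the original message or the Courier project's own tooling. The local clone path, the cutoff date and the output directory are assumptions you supply.

```shell
#!/bin/sh
# Added example: find the upstream commits to one file that are newer than
# the snapshot a distribution package was built from.
# Assumptions (not from the thread): REPO is a local clone of upstream, and
# CUTOFF is the date of the last upstream commit already in the package.
# Pass CUTOFF with an explicit time ("YYYY-MM-DD HH:MM:SS"); a bare date
# makes git fill in the current time of day.

# commits_since REPO CUTOFF PATH
# Prints "<short-hash> <commit-date> <subject>", oldest first, for every
# commit that modified PATH with a committer date later than CUTOFF.
commits_since() {
    git -C "$1" log --reverse --since="$2" --date=short \
        --format='%h %cd %s' -- "$3"
}

# export_file_patches REPO CUTOFF PATH OUTDIR
# Writes one numbered patch per matching commit into OUTDIR, keeping only
# the hunks that touch PATH, and prints how many patches were written.
export_file_patches() {
    mkdir -p "$4" || return 1
    n=0
    for c in $(git -C "$1" log --reverse --since="$2" --format='%H' -- "$3"); do
        n=$((n + 1))
        git -C "$1" show --format=email "$c" -- "$3" \
            > "$4/$(printf '%04d' "$n")-$c.patch" || return 1
    done
    echo "$n"
}
```

Review the exported patches in order before applying any of them: a later change to the same function can depend on an earlier one that looks unrelated to TLS versions.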