On Wed, Oct 15, 2014 at 09:33:50PM +0200, Gilles Chehade wrote: > > Index: ssl.c > =================================================================== > RCS file: /cvs/src/usr.sbin/smtpd/ssl.c,v > retrieving revision 1.71 > diff -u -p -r1.71 ssl.c > --- ssl.c 2 Oct 2014 18:30:21 -0000 1.71 > +++ ssl.c 15 Oct 2014 19:14:52 -0000 > @@ -263,7 +263,7 @@ ssl_ctx_create(const char *pkiname, char > SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); > SSL_CTX_set_timeout(ctx, SSL_SESSION_TIMEOUT); > SSL_CTX_set_options(ctx, > - SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET); > + SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET); > SSL_CTX_set_options(ctx, > SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); >
with instructions it's better ... save above diff as ssl3.diff, then: $ cd smtpd-dir/ $ patch -p0 < ssl3.diff $ make && make install OpenSMTPD then needs a restart. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
