author | David F. Skoll <dfs@roaringpenguin.com> | 2014-05-12 15:52:30 -0400 |
---|---|---|
committer | Andreas Beckmann <anbe@debian.org> | 2014-05-21 21:11:24 +0200 |
commit | f53275311143adced127b9406d1060a35379ec15 (patch) | |
tree | 148c2862676a0046c9c839b2876ec6262cadaf3c /debian | |
parent | 97d6ba7bd01c0fae8cbaa0928b61c28663d32626 (diff) | |
download | sendmail-f53275311143adced127b9406d1060a35379ec15.tar.gz |
add support for OpenSSL options SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/8.14/8.14.4/series | 1 | ||||
-rw-r--r-- | debian/patches/8.14/8.14.4/ssl_op_no_tlsv1_x.patch | 31 |
3 files changed, 34 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 6afb8bc..d02f2ca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ sendmail (8.14.4-6) UNRELEASED; urgency=medium * Add systemd socket activation support for libmilter, thanks to Mikhail Gusarov. (Closes: #741257) * Add _FFR_TLS_EC support, thanks to Fredrik Pettai. (Closes: #740792) + * Add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 + (backported from 8.14.8), thanks to David F. Skoll. (Closes: #747910) -- Andreas Beckmann <anbe@debian.org> Tue, 22 Apr 2014 17:01:07 +0200 diff --git a/debian/patches/8.14/8.14.4/series b/debian/patches/8.14/8.14.4/series index 2032473..1d34b75 100644 --- a/debian/patches/8.14/8.14.4/series +++ b/debian/patches/8.14/8.14.4/series @@ -17,3 +17,4 @@ manpage-section.patch conf.c-ipv6.patch socket_activation.patch _ffr_tls_ec.patch +ssl_op_no_tlsv1_x.patch diff --git a/debian/patches/8.14/8.14.4/ssl_op_no_tlsv1_x.patch b/debian/patches/8.14/8.14.4/ssl_op_no_tlsv1_x.patch new file mode 100644 index 0000000..305294e --- /dev/null +++ b/debian/patches/8.14/8.14.4/ssl_op_no_tlsv1_x.patch 
@@ -0,0 +1,31 @@
+Date: Mon, 12 May 2014 15:52:30 -0400
+From: "David F. Skoll" <dfs@roaringpenguin.com>
+Subject: Please add support for additional OpenSSL options SSL_OP_NO_TLSv1_2
+ and SSL_OP_NO_TLSv1_1
+
+Sendmail on Wheezy sometimes has interoperability problems with other
+SSL implementations. Some of these can be fixed by disabling TLS 1.1
+and TLS 1.2. Sendmail 8.14.8 supports SSL options to do this, but
+Sendmail 8.14.4-4 does not. Could we backport this patch from 8.14.8 to
+8.14.4-4 so that we can use SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1 ?
+
+Regards,
+
+David.
+
+
+--- sendmail-8.14.7/sendmail/readcf.c 2013-03-15 18:54:12.000000000 +0100
++++ sendmail-8.14.8/sendmail/readcf.c 2013-11-22 21:51:56.000000000 +0100
+@@ -2373,6 +2385,12 @@ static struct ssl_options
+ #ifdef SSL_OP_NO_TLSv1
+ { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
+ #endif
++#ifdef SSL_OP_NO_TLSv1_2
++ { "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
++#endif
++#ifdef SSL_OP_NO_TLSv1_1
++ { "SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
++#endif
+ #ifdef SSL_OP_PKCS1_CHECK_1
+ { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
+ #endif |
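Review bot: The two entries added to the `ssl_options` table are switches that turn off TLS 1.1 and TLS 1.2, and neither the patch header nor the table says that setting both restricts negotiation to the older protocol versions. The header presents them only as an interoperability workaround, so I would add a sentence to it such as `Note: these options disable the newer TLS versions; set them only where a peer cannot negotiate otherwise.` The header also carries no provenance fields although the changelog hunk names the upstream release and the bug, so `Origin: upstream, 8.14.8` and `Bug-Debian: https://bugs.debian.org/747910` could be recorded in the patch itself. The `ssl_options` table starts and ends outside the embedded hunk, so how an option name is looked up and applied cannot be checked from here.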