New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1

(no changes to any defaults).

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 820016310e3c443d768965722e30bb0c09fbb08e..14dac2946272889b1fe0b6715eb7959bcabdab59 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -11,6 +11,8 @@ PP/01 The new ldap_require_cert option would segfault if used.  Fixed.
 PP/02 Harmonised TLS library version reporting; only show if debugging.
       Layout now matches that introduced for other libraries in 4.74 PP/03.
 
+PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
+
 
 Exim version 4.75
 -----------------

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index e9628ba29a1e50488a836b20b9ab4d3e0da8fb08..9a37990852de657e0fcb1e3dbc47b1176dcb1ebc 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1180,7 +1180,7 @@ all options unless explicitly for DTLS, let the administrator choose which
 to apply.
 
 This list is current as of:
-  ==>  0.9.8n  <==  */
+  ==>  1.0.0c  <==  */
 static struct exim_openssl_option exim_openssl_options[] = {
 /* KEEP SORTED ALPHABETICALLY! */
 #ifdef SSL_OP_ALL
@@ -1219,6 +1219,18 @@ static struct exim_openssl_option exim_openssl_options[] = {
 #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
   { US"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION },
 #endif
+#ifdef SSL_OP_NO_SSLv2
+  { US"no_sslv2", SSL_OP_NO_SSLv2 },
+#endif
+#ifdef SSL_OP_NO_SSLv3
+  { US"no_sslv3", SSL_OP_NO_SSLv3 },
+#endif
+#ifdef SSL_OP_NO_TICKET
+  { US"no_ticket", SSL_OP_NO_TICKET },
+#endif
+#ifdef SSL_OP_NO_TLSv1
+  { US"no_tlsv1", SSL_OP_NO_TLSv1 },
+#endif
 #ifdef SSL_OP_SINGLE_DH_USE
   { US"single_dh_use", SSL_OP_SINGLE_DH_USE },
 #endif